GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-07-01 14:27:08 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD6400AACS-00G8B1 rev.05.04C05 Running: gmer.exe; Driver: C:\Users\Darek\AppData\Local\Temp\kwliypod.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtCreateFile + 6 77DC424A 4 Bytes [28, 00, 30, 00] {SUB [EAX], AL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtCreateFile + B 77DC424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtMapViewOfSection + 6 77DC499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtMapViewOfSection + 6 77DC499A 4 Bytes [28, 03, 30, 00] {SUB [EBX], AL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtMapViewOfSection + B 77DC499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenFile + 6 77DC4A2A 4 Bytes [68, 00, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenFile + B 77DC4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcess + 6 77DC4AAA 4 Bytes [A8, 01, 30, 00] {TEST AL, 0x1; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcess + B 77DC4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessToken + B 77DC4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessTokenEx + 6 77DC4ACA 4 Bytes [A8, 02, 30, 00] {TEST AL, 0x2; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessTokenEx + B 77DC4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThread + 6 77DC4B1A 4 Bytes [68, 01, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThread + B 77DC4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadToken + 6 77DC4B2A 4 Bytes [68, 02, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadToken + B 77DC4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadTokenEx + B 77DC4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryAttributesFile + 6 77DC4BCA 4 Bytes [A8, 00, 30, 00] {TEST AL, 0x0; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryAttributesFile + B 77DC4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryFullAttributesFile + B 77DC4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationFile + 6 77DC515A 4 Bytes [28, 01, 30, 00] {SUB [ECX], AL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationFile + B 77DC515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationThread + 6 77DC51AA 4 Bytes [28, 02, 30, 00] {SUB [EDX], AL; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationThread + B 77DC51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtUnmapViewOfSection + 6 77DC544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtUnmapViewOfSection + 6 77DC544A 4 Bytes [68, 03, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtUnmapViewOfSection + B 77DC544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtCreateFile + 6 77DC424A 4 Bytes [28, 00, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtCreateFile + B 77DC424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtMapViewOfSection + 6 77DC499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtMapViewOfSection + 6 77DC499A 4 Bytes [28, 03, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtMapViewOfSection + B 77DC499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenFile + 6 77DC4A2A 4 Bytes [68, 00, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenFile + B 77DC4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcess + 6 77DC4AAA 4 Bytes [A8, 01, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcess + B 77DC4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcessToken + B 77DC4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcessTokenEx + 6 77DC4ACA 4 Bytes [A8, 02, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcessTokenEx + B 77DC4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThread + 6 77DC4B1A 4 Bytes [68, 01, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThread + B 77DC4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThreadToken + 6 77DC4B2A 4 Bytes [68, 02, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThreadToken + B 77DC4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThreadTokenEx + B 77DC4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtQueryAttributesFile + 6 77DC4BCA 4 Bytes [A8, 00, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtQueryAttributesFile + B 77DC4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtQueryFullAttributesFile + B 77DC4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationFile + 6 77DC515A 4 Bytes [28, 01, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationFile + B 77DC515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationThread + 6 77DC51AA 4 Bytes [28, 02, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationThread + B 77DC51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtUnmapViewOfSection + 6 77DC544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtUnmapViewOfSection + 6 77DC544A 4 Bytes [68, 03, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtUnmapViewOfSection + B 77DC544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtCreateFile + 6 77DC424A 4 Bytes [28, 00, 33, 00] {SUB [EAX], AL; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtCreateFile + B 77DC424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtMapViewOfSection + 6 77DC499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtMapViewOfSection + 6 77DC499A 4 Bytes [28, 03, 33, 00] {SUB [EBX], AL; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtMapViewOfSection + B 77DC499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtOpenFile + 6 77DC4A2A 4 Bytes [68, 00, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtOpenFile + B 77DC4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtOpenProcess + 6 77DC4AAA 4 Bytes [A8, 01, 33, 00] {TEST AL, 0x1; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtOpenProcess + B 77DC4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtOpenProcessToken + B 77DC4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtOpenProcessTokenEx + 6 77DC4ACA 4 Bytes [A8, 02, 33, 00] {TEST AL, 0x2; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtOpenProcessTokenEx + B 77DC4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtOpenThread + 6 77DC4B1A 4 Bytes [68, 01, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtOpenThread + B 77DC4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtOpenThreadToken + 6 77DC4B2A 4 Bytes [68, 02, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtOpenThreadToken + B 77DC4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtOpenThreadTokenEx + B 77DC4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtQueryAttributesFile + 6 77DC4BCA 4 Bytes [A8, 00, 33, 00] {TEST AL, 0x0; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtQueryAttributesFile + B 77DC4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtQueryFullAttributesFile + B 77DC4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtSetInformationFile + 6 77DC515A 4 Bytes [28, 01, 33, 00] {SUB [ECX], AL; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtSetInformationFile + B 77DC515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtSetInformationThread + 6 77DC51AA 4 Bytes [28, 02, 33, 00] {SUB [EDX], AL; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtSetInformationThread + B 77DC51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtUnmapViewOfSection + 6 77DC544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtUnmapViewOfSection + 6 77DC544A 4 Bytes [68, 03, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1588] ntdll.dll!NtUnmapViewOfSection + B 77DC544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtCreateFile + 6 77DC424A 4 Bytes [28, 00, 28, 00] {SUB [EAX], AL; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtCreateFile + B 77DC424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtMapViewOfSection + 6 77DC499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtMapViewOfSection + 6 77DC499A 4 Bytes [28, 03, 28, 00] {SUB [EBX], AL; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtMapViewOfSection + B 77DC499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenFile + 6 77DC4A2A 4 Bytes [68, 00, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenFile + B 77DC4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenProcess + 6 77DC4AAA 4 Bytes [A8, 01, 28, 00] {TEST AL, 0x1; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenProcess + B 77DC4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenProcessToken + B 77DC4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenProcessTokenEx + 6 77DC4ACA 4 Bytes [A8, 02, 28, 00] {TEST AL, 0x2; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenProcessTokenEx + B 77DC4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenThread + 6 77DC4B1A 4 Bytes [68, 01, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenThread + B 77DC4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenThreadToken + 6 77DC4B2A 4 Bytes [68, 02, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenThreadToken + B 77DC4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtOpenThreadTokenEx + B 77DC4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtQueryAttributesFile + 6 77DC4BCA 4 Bytes [A8, 00, 28, 00] {TEST AL, 0x0; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtQueryAttributesFile + B 77DC4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtQueryFullAttributesFile + B 77DC4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtSetInformationFile + 6 77DC515A 4 Bytes [28, 01, 28, 00] {SUB [ECX], AL; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtSetInformationFile + B 77DC515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtSetInformationThread + 6 77DC51AA 4 Bytes [28, 02, 28, 00] {SUB [EDX], AL; SUB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtSetInformationThread + B 77DC51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtUnmapViewOfSection + 6 77DC544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtUnmapViewOfSection + 6 77DC544A 4 Bytes [68, 03, 28, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1812] ntdll.dll!NtUnmapViewOfSection + B 77DC544F 1 Byte [E2] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1128] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1260] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1588] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74DD7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74E1B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74DDBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74DCF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74DD75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74DCE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74E073F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74DDDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74DCFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74DCFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74DC71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74E5CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74DFC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74DCD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74DC6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74DC687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74DD2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1812] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDB 0xFE 0x79 0x2A ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x18 0x54 0x36 0xF3 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0xE5 0x41 0x85 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDB 0xFE 0x79 0x2A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x18 0x54 0x36 0xF3 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0xE5 0x41 0x85 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDB 0xFE 0x79 0x2A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x18 0x54 0x36 0xF3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0xE5 0x41 0x85 ... ---- EOF - GMER 1.0.15 ----