GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-21 18:36:11
Windows 6.0.6002 Service Pack 2
Running: 4gmvlh20.exe; Driver: C:\Users\Kasia\AppData\Local\Temp\kwtoqpod.sys

---- User code sections - GMER 1.0.15 ----

? C:\Windows\system32\services.exe[592] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: mswsock.dllunknown module: MSWSOCK.dll

---- User IAT/EAT - GMER 1.0.15 ----

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/ASUSTek Computer Inc)