GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-24 15:31:27
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1 WDC_WD10EZEX-00ZF5A0 rev.80.00A80 931,51GB
Running: hx7r6djq.exe; Driver: C:\Users\pvp\AppData\Local\Temp\pxloapow.sys

---- User code sections - GMER 2.0 ----

.text C:\Windows\system32\wininit.exe[672] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\wininit.exe[672] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\winlogon.exe[752] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\winlogon.exe[752] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\svchost.exe[900] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\svchost.exe[900] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\nvvsvc.exe[936] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\nvvsvc.exe[936] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\System32\svchost.exe[520] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\System32\svchost.exe[520] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\svchost.exe[572] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\svchost.exe[572] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\dwm.exe[420] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\dwm.exe[420] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\svchost.exe[564] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\svchost.exe[564] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1084] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1084] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1084] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fdf45b1532 4 bytes [5B, F4, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1084] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fdf45b153a 4 bytes [5B, F4, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1084] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fdf45b165a 4 bytes [5B, F4, FD, 07]
.text C:\Windows\system32\nvvsvc.exe[1096] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\nvvsvc.exe[1096] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\nvvsvc.exe[1096] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fdf45b1532 4 bytes [5B, F4, FD, 07]
.text C:\Windows\system32\nvvsvc.exe[1096] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fdf45b153a 4 bytes [5B, F4, FD, 07]
.text C:\Windows\system32\nvvsvc.exe[1096] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fdf45b165a 4 bytes [5B, F4, FD, 07]
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\svchost.exe[732] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\svchost.exe[732] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2256] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fdf45b1532 4 bytes [5B, F4, FD, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2256] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fdf45b153a 4 bytes [5B, F4, FD, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2256] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fdf45b165a 4 bytes [5B, F4, FD, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2256] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2256] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\taskhostex.exe[2264] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\taskhostex.exe[2264] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\Explorer.EXE[2556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\Explorer.EXE[2556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fdf45b1532 4 bytes [5B, F4, FD, 07]
.text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fdf45b153a 4 bytes [5B, F4, FD, 07]
.text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fdf45b165a 4 bytes [5B, F4, FD, 07]
.text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2408] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fdf45b1532 4 bytes [5B, F4, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2408] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fdf45b153a 4 bytes [5B, F4, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2408] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fdf45b165a 4 bytes [5B, F4, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2408] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2408] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\msiexec.exe[3376] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\msiexec.exe[3376] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW] [7fde9b71c80] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW] [7fde9b73298] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7fde9b71bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!MoveFileW] [7fde9b95040] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7fde9b73184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileExW] [7fde9b94f30] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll[KERNEL32.dll!SetFileAttributesA] [7fde9b956b0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll[KERNEL32.dll!MoveFileA] [7fde9b94fa8] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll[KERNEL32.dll!DeleteFileA] [7fde9b71f00] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll[KERNEL32.dll!SetFileAttributesW] [7fde9b73260] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll[KERNEL32.dll!MoveFileW] [7fde9b95040] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll[KERNEL32.dll!DeleteFileW] [7fde9b73184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll[KERNEL32.dll!CreateFileA] [7fde9b71e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll[KERNEL32.dll!CreateFileW] [7fde9b71bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!CreateFileA] [7fde9b71e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!DeleteFileW] [7fde9b73184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateFileW] [7fde9b71bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateFileA] [7fde9b71e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!SetFileAttributesA] [7fde9b956b0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!DeleteFileA] [7fde9b71f00] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CopyFileA] [7fde9b94e50] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!CopyFileExW] [7fde9b94f30] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!MoveFileExW] [7fde9b95164] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!DeleteFileW] [7fde9b73184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!CreateFileW] [7fde9b71bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!CreateFileA] [7fde9b71e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\USERENV.dll[KERNELBASE.dll!PrivCopyFileExW] [7fde9b95638] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!CreateFileW] [7fde9b71bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!_lcreat] [7fde9b953f8] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!_lopen] [7fde9b95300] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!_lwrite] [7fde9b954f0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!DeleteFileA] [7fde9b71f00] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!DeleteFileW] [7fde9b73184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!MoveFileW] [7fde9b95040] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!CreateFileW] [7fde9b71bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!MoveFileW] [7fde9b95040] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!CreateFileA] [7fde9b71e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!CreateFileW] [7fde9b71bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!DeleteFileA] [7fde9b71f00] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!DeleteFileW] [7fde9b73184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!SetFileAttributesA] [7fde9b956b0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!MoveFileExW] [7fde9b95164] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!SetFileAttributesW] [7fde9b73260] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[ADVAPI32.dll!SetFileSecurityW] [7fde9b96230] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[ADVAPI32.dll!RegCreateKeyExW] [7fde9b71d50] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[ADVAPI32.dll!RegSetValueExA] [7fde9b72cc4] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[ADVAPI32.dll!RegSetValueExW] [7fde9b71df0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[ADVAPI32.dll!RegDeleteKeyW] [7fde9b96bf0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[ADVAPI32.dll!RegDeleteValueW] [7fde9b73218] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[ADVAPI32.dll!RegOpenKeyExW] [7fde9b71c80] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[KERNEL32.dll!MoveFileW] [7fde9b95040] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[KERNEL32.dll!DeleteFileW] [7fde9b73184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[KERNEL32.dll!CreateFileW] [7fde9b71bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[KERNEL32.dll!MoveFileExW] [7fde9b95164] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[KERNEL32.dll!SetFileAttributesW] [7fde9b73260] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[KERNEL32.dll!MoveFileExW] [7fde9b95164] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[KERNEL32.dll!MoveFileW] [7fde9b95040] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[KERNEL32.dll!DeleteFileW] [7fde9b73184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[KERNEL32.dll!CopyFileW] [7fde9b73298] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[KERNEL32.dll!SetFileAttributesW] [7fde9b73260] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[KERNEL32.dll!CreateFileA] [7fde9b71e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[KERNEL32.dll!DeleteFileA] [7fde9b71f00] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[KERNEL32.dll!SetFileAttributesA] [7fde9b956b0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[KERNEL32.dll!CopyFileA] [7fde9b94e50] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[KERNEL32.dll!CreateFileW] [7fde9b71bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[ADVAPI32.dll!RegDeleteValueA] [7fde9b733b8] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[ADVAPI32.dll!RegSetValueExA] [7fde9b72cc4] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[ADVAPI32.dll!RegOpenKeyExA] [7fde9b71ce8] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[ADVAPI32.dll!RegCreateKeyExA] [7fde9b72d34] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[ADVAPI32.dll!RegDeleteValueW] [7fde9b73218] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[ADVAPI32.dll!RegSetValueExW] [7fde9b71df0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[ADVAPI32.dll!RegOpenKeyExW] [7fde9b71c80] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll[ADVAPI32.dll!RegCreateKeyExW] [7fde9b71d50] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\SYSTEM32\MSVCR110_CLR0400.dll[KERNEL32.dll!SetFileAttributesW] [7fde9b73260] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\SYSTEM32\MSVCR110_CLR0400.dll[KERNEL32.dll!MoveFileExW] [7fde9b95164] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\SYSTEM32\MSVCR110_CLR0400.dll[KERNEL32.dll!DeleteFileW] [7fde9b73184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\SYSTEM32\MSVCR110_CLR0400.dll[KERNEL32.dll!CreateFileW] [7fde9b71bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!CreateFileW] [7fde9b71bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL

---- Threads - GMER 2.0 ----

Thread C:\Windows\system32\csrss.exe [696:2312] fffff960008b45e8
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:3944] 0000000071e640f0
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:4072] 0000000071821120
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:3244] 000000007120e5e8
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:3352] 000000007120e5e8
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:3496] 000000006fcd9420
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:3740] 000000006fc0fe30
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:3856] 000000006fa9b1c0
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:2004] 0000000073f73840
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:1988] 0000000073f734b0
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:2000] 0000000073f73840
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:1992] 0000000073f734b0
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:4060] 000000007120e5e8
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:4064] 000000006f7b0b23
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:1556] 000000006f7b0b23
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:828] 0000000074b774e5
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:3916] 000000006f66e200
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768:848] 000000006f654d60
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2184:3020] 0000000074c57240
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2184:2988] 0000000074c575f0
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2184:3004] 0000000074c575f0
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2184:3908] 0000000074e1c59c
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2184:3940] 0000000074e1c59c
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2184:3516] 0000000074e1c59c
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2184:3560] 0000000074e1c59c
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2184:3548] 0000000074e1c59c
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2184:3800] 0000000074e1c59c
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2184:3848] 0000000074e1c59c
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2184:2452] 0000000074e1c59c
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:1224] 000000006c766314
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:1660] 0000000077bb6f00
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:3924] 0000000077bb6f00
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:2644] 000000006c76539b
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:2792] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:2200] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:2788] 0000000074b774e5
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:2816] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:1616] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:1340] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:1808] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:2608] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:1304] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:1332] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:1348] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:596] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:1920] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:2424] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:4048] 0000000076534f62
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:1748] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:2720] 0000000077b9f504
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:2712] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:3972] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:3844] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:3032] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:3704] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:3572] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:3728] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:2568] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:3332] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:3552] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:3840] 000000007285248a
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:3932] 000000006e03c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3296:1336] 000000006e03c724

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [1768] 0000000074a10000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2184] 0000000074e80000

---- EOF - GMER 2.0 ----
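Two things in the log above deserve a check before the ".text" and IAT sections are read as rootkit activity. Every ".text" entry reports the same 4-byte change for a given DLL in every process ([7F, FB, FD, 07] for PSAPI.DLL, [5B, F4, FD, 07] for MSIMG32.dll), and in each case those bytes, read little-endian, are exactly bits 16..47 of the address at which GMER found them (000007fdfb7f... and 000007fdf45b...). That is the footprint of an absolute 64-bit pointer into the same module whose middle bytes were rewritten by the loader's base-relocation fixup after the image was loaded away from its preferred base; GMER diffs process memory against the file on disk, so the fixup is reported once per process that maps the DLL. It is consistent with a relocation, not with hook code, though the test below is a filter for that artifact, not proof of a clean machine. Separately, all 78 IAT entries in msiexec.exe[3376] resolve into a single module, C:\Windows\AppPatch\AppPatch64\AcLayers.DLL, the directory Windows uses for its own application-compatibility shim DLLs; what settles that one is the file's digital signature, not its path.

The script below is an added example and is not part of the GMER log or of GMER itself. It parses entries copied from this log, applies the pointer-fixup test to each ".text" entry and counts IAT entries by the module that owns the hook target. The example.exe line with a JMP is constructed input (a hypothetical process and target address) included only to show how GMER's output for a genuine inline hook classifies; nothing like it appears in the log. The "Library ? (*** suspicious ***)" entries and the Threads section are deliberately left to manual review, since they need the module's image path and signature checked on the machine.

```python
import re
from collections import Counter

# Input: entries copied from the GMER log above, plus ONE constructed line
# (example.exe, pid 9999, JMP to 0000000012340000). That last line is synthetic
# test input showing the form GMER uses for a real inline hook; nothing about
# example.exe was observed on the scanned machine.
SAMPLE_LOG = r"""
.text C:\Windows\system32\wininit.exe[672] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdfb7f177a 4 bytes [7F, FB, FD, 07]
.text C:\Windows\system32\wininit.exe[672] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdfb7f1782 4 bytes [7F, FB, FD, 07]
.text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fdf45b1532 4 bytes [5B, F4, FD, 07]
.text C:\Windows\Explorer.EXE[2556] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fdf45b165a 4 bytes [5B, F4, FD, 07]
.text C:\Windows\system32\example.exe[9999] C:\Windows\system32\KERNEL32.dll!CreateFileW 000007fdfb7e1000 5 bytes JMP 0000000012340000
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[KERNEL32.dll!CreateFileW] [7fde9b71bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3376] @ C:\Windows\system32\Msi.dll[ADVAPI32.dll!RegOpenKeyExW] [7fde9b71c80] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
"""

# ".text <process>[pid] <module!symbol> [+ offset] <address> <n> bytes <modification>"
TEXT_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<sym>\S+)"
    r"(?:\s+\+\s+(?P<off>\d+))?\s+(?P<addr>[0-9a-fA-F]{16})\s+"
    r"(?P<n>\d+) bytes\s+(?P<mod>.*\S)\s*$"
)
# "IAT <process>[pid] @ <importing module>[<dll!import>] [<target>] <module owning target>"
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<site>\S+)\s+"
    r"\[(?P<target>[0-9a-fA-F]+)\]\s+(?P<module>.*\S)\s*$"
)


def parse_patched_bytes(mod):
    """'[7F, FB, FD, 07]' -> [0x7F, 0xFB, 0xFD, 0x07]; None for 'JMP <target>' entries."""
    m = re.fullmatch(r"\[([0-9A-Fa-f, ]+)\]", mod.strip())
    if not m:
        return None
    return [int(b, 16) for b in m.group(1).replace(" ", "").split(",")]


def is_relocation_artifact(addr, patched):
    """True when the 'modified' 4 bytes, read little-endian, equal bits 16..47 of the
    address they sit at. That is what the middle of an absolute 64-bit pointer back
    into the same module looks like after the loader's base-relocation fixup: load
    bases are 64 KiB aligned, so the low 16 bits never change and bits 48..63 stay
    zero, leaving exactly a 4-byte difference from the on-disk image."""
    if len(patched) != 4:
        return False
    return int.from_bytes(bytes(patched), "little") == (addr >> 16) & 0xFFFFFFFF


def classify_modification(addr, mod):
    patched = parse_patched_bytes(mod)
    if patched is not None and is_relocation_artifact(addr, patched):
        return "relocated pointer (ASLR fixup, not hook code)"
    # GMER prints 'JMP <target>' for a jmp rel32 hook; also catch raw jmp and jmp [rip+x] opcodes.
    if mod.upper().startswith("JMP") or (patched and patched[0] in (0xE9, 0xEB)) \
            or (patched and patched[:2] == [0xFF, 0x25]):
        return "inline hook: control transfer patched into function"
    return "unclassified: inspect manually"


def analyse(log_text):
    """Returns (list of dicts, one per .text entry; Counter of IAT hook-owning modules)."""
    entries, iat_owners = [], Counter()
    for line in log_text.strip().splitlines():
        m = TEXT_RE.match(line)
        if m:
            addr = int(m["addr"], 16)
            entries.append({
                "process": m["proc"].rsplit("\\", 1)[-1],
                "pid": int(m["pid"]),
                "symbol": m["sym"].rsplit("\\", 1)[-1] + (f" + {m['off']}" if m["off"] else ""),
                "address": addr,
                "verdict": classify_modification(addr, m["mod"]),
            })
            continue
        m = IAT_RE.match(line)
        if m:
            iat_owners[m["module"]] += 1
    return entries, iat_owners


if __name__ == "__main__":
    entries, iat_owners = analyse(SAMPLE_LOG)
    for e in entries:
        print(f"{e['process']}[{e['pid']}] {e['symbol']} @ {e['address']:016x}: {e['verdict']}")
    for module, count in iat_owners.items():
        print(f"{count} IAT entries resolve into {module}")
```

Run against the full log, the four PSAPI.DLL/MSIMG32.dll patterns classify as relocated pointers in every process, and the IAT counter collapses to one owner. The point of keeping the JMP branch is that a real hook, if one were present, would not pass the pointer test and would be reported separately rather than hidden among the fixups.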