GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-28 12:53:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB
Running: qiw2l7g6.exe; Driver: C:\Users\ARDA\AppData\Local\Temp\ffrcqaod.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2012]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000749e1465 2 bytes [9E, 74]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2012]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000749e14bb 2 bytes [9E, 74]
.text  ...  * 2
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3036]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000749e1465 2 bytes [9E, 74]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3036]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000749e14bb 2 bytes [9E, 74]
.text  ...  * 2
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3036]  C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35  000000006f7011a8 2 bytes [70, 6F]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3036]  C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21  000000006f7013a8 2 bytes [70, 6F]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3036]  C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21  000000006f701422 2 bytes [70, 6F]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3036]  C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19  000000006f701498 2 bytes [70, 6F]
.text  C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3364]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000749e1465 2 bytes [9E, 74]
.text  C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3364]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000749e14bb 2 bytes [9E, 74]
.text  ...  * 2
.text  C:\Windows\SysWOW64\RunDll32.exe[3708]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000749e1465 2 bytes [9E, 74]
.text  C:\Windows\SysWOW64\RunDll32.exe[3708]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000749e14bb 2 bytes [9E, 74]
.text  ...  * 2

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!EnumDisplaySettingsW]  [ffcf830000000900]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!GetDesktopWindow]  [8bffffeddde8cb8b]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!UnionRect]  [ffff982ce829ebc7]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!IsRectEmpty]  [c7ffff9805e83889]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!MonitorFromPoint]  [7c89480000000900]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!MonitorFromRect]  [c03345c933452024]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!IntersectRect]  [ff971be8c933d233]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!PtInRect]  [245c8b48ffc883ff]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!CharLowerW]  [83486824748b4860]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!GetCursorPos]  [c35f5c415d4130c4]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!GetWindowPlacement]  [41f620ec83485340]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!CallWindowProcW]  [f62274d98b488318]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!IsWindowUnicode]  [498b481c74081841]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!GetWindowLongPtrW]  [6381ffffaa0ee810]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!GetWindowLongPtrA]  [48c033fffffbf718]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!SetWindowLongPtrW]  [4389104389480389]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!SetWindowLongPtrA]  [ccc35b20c4834808]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!SetWindowsHookExW]  [25ff00000e7225ff]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!CallNextHookEx]  [f5e25ff00000e74]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!ClientToScreen]  [cccccccccccc0000]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!GetWindowRect]  [6666cccccccccccc]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!EqualRect]  [841f0f]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!SetWindowPos]  [2414894c10ec8348]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!GetClassNameW]  [db334d08245c894c]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!FindWindowExW]  [d02b4c1824548d4c]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!UnhookWindowsHookEx]  [1c8b4c65d3420f4d]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!FindWindowW]  [d33b4d0000001025]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!MonitorFromWindow]  [f000e28141661673]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!GetMonitorInfoW]  [41fffff0009b8d4d]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!CopyRect]  [f075d33b4d0003c6]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[USER32.dll!SendMessageW]  [245c8b4c24148b4c]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[ADVAPI32.dll!SetEntriesInAclW]  [894d0474ed854d1e]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[ADVAPI32.dll!InitializeSecurityDescriptor]  [7448247c38400075]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[ADVAPI32.dll!SetSecurityDescriptorDacl]  [a0834024448b480c]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[ADVAPI32.dll!FreeSid]  [4cc033fd000000c8]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[ADVAPI32.dll!ConvertStringSecurityDescriptorToSecurityDescriptorW]  [205b8b4950245c8d]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[ADVAPI32.dll!GetSecurityDescriptorSacl]  [30738b49286b8b49]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[ADVAPI32.dll!SetSecurityInfo]  [41e38b49387b8b49]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[ADVAPI32.dll!CreateProcessAsUserW]  [ccccc35c415d415e]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[ADVAPI32.dll!AllocateAndInitializeSid]  [8b45c03338ec8348]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!WriteConsoleA]  [6e470539d18b48]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!SetStdHandle]  [58de0d8d48097500]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!InitializeCriticalSectionAndSpinCount]  [51e8c93302eb0000]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!LoadLibraryA]  [c338c48348fffffd]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetConsoleMode]  [244c8d48ea8bf963]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetConsoleOutputCP]  [ff8e1be8d08b4940]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!WriteFile]  [fb8141015f8d44ff]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!SetFilePointer]  [8b48157700000100]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetLocaleInfoA]  [140888b48402444]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!WriteConsoleW]  [b60f4008fec14024]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!CreateFileA]  [401e74c085000000]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!FlushFileBuffers]  [400000008824b488]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetConsoleCP]  [c60000008924bc88]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetCPInfo]  [44000000008a2484]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!CreateProcessW]  [bc884013eb014a8d]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetModuleFileNameW]  [2484c60000008824]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!CloseHandle]  [ca8b440000000089]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!SetEvent]  [24548940244c8b48]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!OpenEventW]  [8824848d4c38]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!CreateThread]  [3024448914418b00]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!ResetEvent]  [40244c8d4804418b]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!WaitForSingleObject]  [24448d4828244489]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!CreateEventW]  [41e8202444894870]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetCurrentThreadId]  [381675c085ffffd7]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetVersionExW]  [448b480c74582444]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!LocalFree]  [c8a0835024]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetLastError]  [44b70f1aebc033fd]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!CreateFileMappingW]  [58247c80c5237024]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!LocalAlloc]  [50244c8b480c7400]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!MapViewOfFileEx]  [4cfd000000c8a183]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!UnmapViewOfFile]  [186b8b4960245c8d]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!lstrcmpW]  [5fe38b4920738b49]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!FlsSetValue]  [245c8948ccccccc3]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetCommandLineA]  [634820ec83485708]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!TerminateProcess]  [ffffee30e8cf8bf9]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetCurrentProcess]  [8b485974fff88348]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!UnhandledExceptionFilter]  [2b90000870305]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!SetUnhandledExceptionFilter]  [40097501ff830000]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!IsDebuggerPresent]  [a75000000b8b884]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!RtlVirtualUnwind]  [16040f61d75f93b]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!RtlLookupFunctionEntry]  [b9ffffee01e81774]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!RtlCaptureContext]  [e8d88b4800000001]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetACP]  [74c33b48ffffedf4]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetOEMCP]  [ffffede8e8cf8b1e]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!IsValidCodePage]  [f4f15ffc88b48]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!FlsGetValue]  [ffffed1ce8cf8bdb]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!FlsFree]  [c148cf8b48df8b4c]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!SetLastError]  [8d481fe3834105f9]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!FlsAlloc]  [c8b480000869315]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!HeapFree]  [44c64258db6b4dca]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!Sleep]  [8b0c74db85000819]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetModuleHandleW]  [c883ffff993ee8cb]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetProcAddress]  [5c8b48c03302ebff]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!SetHandleCount]  [74894818245c8948]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetStdHandle]  [415708244c892024]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetFileType]  [4830ec8348554154]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetStartupInfoA]  [e81c75fefb83d963]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetModuleFileNameA]  [900c7ffff98bfe8]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!FreeEnvironmentStringsA]  [c9e9ffc883000000]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetEnvironmentStrings]  [fdf3bff33000000]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!FreeEnvironmentStringsW]  [d1d3b000000968c]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!WideCharToMultiByte]  [8a830f000086]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetEnvironmentStringsW]  [49e38b4cf38b4800]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!HeapSetInformation]  [86062d8d4c05fcc1]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!HeapCreate]  [f66b481fe6830000]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!HeapDestroy]  [be0f00e5448b4b58]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!RtlUnwindEx]  [2b7501e18308304c]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!QueryPerformanceCounter]  [e83889ffff988fe8]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetTickCount]  [900c7ffff9868]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetCurrentProcessId]  [4520247c89480000]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetSystemTimeAsFileTime]  [33d233c03345c933]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!LCMapStringA]  [c883ffff977ee8c9]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!MultiByteToWideChar]  [ed62e8cb8b61ebff]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!LCMapStringW]  [e5448b4b90ffff]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetStringTypeA]  [8b0b7401083044f6]
IAT  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] @ C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll[KERNEL32.dll!GetStringTypeW]  [f88bfffffe86e8cb]

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3836:4064]  000007fefb572a7c
Thread  C:\Windows\System32\svchost.exe [3860:2916]  000007fee6499688

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9a46d1c
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9a46d1c@0007abbc6cdb  0xA7 0xF2 0x31 0x36 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9a46d1c@9ccad96db7a9  0xC8 0x52 0x08 0x36 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch  1942
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9a46d1c (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9a46d1c@0007abbc6cdb  0xA7 0xF2 0x31 0x36 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9a46d1c@9ccad96db7a9  0xC8 0x52 0x08 0x36 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@CleanShutdown  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@SuperHidden  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ApplicationDestinations@MaxEntries  15
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum@
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice@Progid  WindowsLive.PhotoGallery.bmp.15.4
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice@Progid  WindowsLive.PhotoGallery.gif.15.4
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice@Progid  WindowsLive.PhotoGallery.jpg.15.4
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice@Progid  WindowsLive.PhotoGallery.jpg.15.4
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice@Progid  WindowsLive.PhotoGallery.jpg.15.4
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice@Progid  WindowsLive.PhotoGallery.png.15.4
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice@Progid  WindowsLive.PhotoGallery.tif.15.4
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice@Progid  WindowsLive.PhotoGallery.tif.15.4
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU@a  taskmgr\1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2@FavoritesRemovedChanges  4
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesChanges  7
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesRemovedChanges  4
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images@ID-1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images@ID-2
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Count  11
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0@2004  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0@2001  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0@2007  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1@DisplayName  Local intranet
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1@Description  This zone contains all Web sites that are on your organization's intranet.
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@DisplayName  Trusted sites
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@Description  This zone contains Web sites that you trust not to damage your computer or data.
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@Flags  71
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2004  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2001  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1A10  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1001  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1004  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1201  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1206  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1207  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1208  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1209  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@120A  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@120B  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1402  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1405  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1406  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1407  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1408  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1409  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1601  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1604  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1605  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1606  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1607  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1608  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1609  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@160A  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1802  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1803  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1804  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1809  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1A00  131072
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1A02  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1A03  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1A04  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1A05  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1A06  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1C00  65536
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2000  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2005  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2100  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2101  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2102  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2103  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2104  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2105  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2106  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2200  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2201  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2300  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2301  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2400  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2401  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2402  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2600  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2700  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2007  65536
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2107  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2701  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2702  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2703  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2708  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2709  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4@2004  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4@2001  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4@1C00  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4@1A10  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4@2007  3
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Themes@CurrentTheme  C:\Users\ARDA\AppData\Local\Microsoft\Windows\Themes\oem.theme
Reg  HKCU\Software\Microsoft\Windows\DWM@ColorizationColor  1802811644
Reg  HKCU\Software\Microsoft\Windows\DWM@ColorizationColorBalance  8
Reg  HKCU\Software\Microsoft\Windows\DWM@ColorizationAfterglow  1802811644
Reg  HKCU\Software\Microsoft\Windows\DWM@ColorizationAfterglowBalance  43
Reg  HKCU\Software\Microsoft\Windows\DWM@ColorizationBlurBalance  49
Reg  HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastQueuePesterTime  0xB4 0xB1 0xB8 0x4F ...

---- Files - GMER 2.1 ----

File  C:\Windows\asd.log  49 bytes
File  C:\Windows\pl-PL.log  8376125 bytes
File  C:\Windows\SAII_LOG.TXT  703160 bytes
File  C:\Windows\Synaptics.log  1372 bytes
File  C:\Windows\TSSysprep.log  5949 bytes
File  C:\Windows\ntbtlog.txt  229286 bytes
File  C:\Windows\DirectX.log  199 bytes
File  C:\Windows\DPINST.LOG  13506 bytes
File  C:\Windows\DtcInstall.log  5075 bytes
File  C:\Windows\system32\NCCount.bin  0 bytes
File  C:\Windows\system32\MpSigStub.exe (size mismatch)  282744/278800 bytes executable
File  C:\Windows\system32\MRT.exe (size mismatch)  67599240/72702784 bytes executable
File  C:\Windows\system32\nv3dappshext.dll (size mismatch)  850752/877928 bytes executable
File  C:\Windows\system32\nv3dappshextr.dll (size mismatch)  55616/55144 bytes executable
File  C:\Windows\system32\nvcpl.dll (size mismatch)  6103360/6223208 bytes executable
File  C:\Windows\system32\UICommu.bin  228 bytes
File  C:\Windows\system32\mfevtps.exe  161168 bytes executable
File  C:\Windows\system32\nvmctray.dll (size mismatch)  118080/118120 bytes executable
File  C:\Windows\system32\nvsvcr.dll (size mismatch)  2561856/2557800 bytes executable
File  C:\Windows\system32\nvvsvc.exe (size mismatch)  889664/890216 bytes executable  <-- ROOTKIT !!!
File  C:\Windows\system32\drivers\aswrdr2.sys  72016 bytes executable
File  C:\Windows\system32\drivers\ASWRVRT.sys  65408 bytes executable
File  C:\Windows\system32\drivers\ASWSNX.sys  984144 bytes executable
File  C:\Windows\system32\drivers\ASWSP.sys  370288 bytes executable
File  C:\Windows\system32\drivers\ASWTDI.sys  59728 bytes executable
File  C:\Windows\system32\drivers\ASWVMM.sys  189936 bytes executable
File  C:\Windows\system32\drivers\avgtpx64.sys  30568 bytes executable
File  C:\Windows\system32\drivers\cfwids.sys  65264 bytes executable
File  C:\Windows\system32\drivers\mfeapfk.sys  160280 bytes executable
File  C:\Windows\system32\drivers\mfeavfk.sys  229528 bytes executable
File  C:\Windows\system32\drivers\mfeclnk.sys  10248 bytes executable
File  C:\Windows\system32\drivers\mfefirek.sys  481768 bytes executable
File  C:\Windows\system32\drivers\mfehidk.sys  752672 bytes executable
File  C:\Windows\system32\drivers\mfenlfk.sys  75808 bytes executable
File  C:\Windows\system32\drivers\mferkdet.sys  100912 bytes executable
File  C:\Windows\system32\drivers\mfewfpk.sys  335784 bytes executable
File  C:\ProgramData\McAfee  0 bytes
File  C:\ProgramData\OneKey Reminder  0 bytes
File  C:\ProgramData\Partner  0 bytes

---- Services - GMER 2.1 ----

Service  C:\Windows\system32\nvvsvc.exe [AUTO]  nvsvc  <-- ROOTKIT !!!

---- EOF - GMER 2.1 ----