GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-09 15:17:55
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000060 Hitachi_ rev.P22O
Running: myffbimt.exe; Driver: C:\Users\User\AppData\Local\Temp\kgldapob.sys
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\system32\taskeng.exe[2752] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 1F, 00]
.text C:\Windows\system32\taskeng.exe[2752] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\taskeng.exe[2752] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\taskeng.exe[2752] WS2_32.dll!connect 771740D9 6 Bytes JMP 71820F5A
.text C:\Windows\system32\taskeng.exe[2752] WS2_32.dll!WSALookupServiceNextW 7717455D 6 Bytes JMP 71790F5A
.text C:\Windows\system32\taskeng.exe[2752] WS2_32.dll!WSALookupServiceBeginW 77174E93 6 Bytes JMP 717C0F5A
.text C:\Windows\system32\taskeng.exe[2752] WS2_32.dll!WSALookupServiceEnd 77175564 6 Bytes JMP 71760F5A
.text C:\Windows\system32\taskeng.exe[2752] WS2_32.dll!listen 77178CD7 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\system32\Dwm.exe[2868] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 0B, 00] {OR AL, [EAX]; OR EAX, [EAX]}
.text C:\Windows\system32\Dwm.exe[2868] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\Dwm.exe[2868] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\Dwm.exe[2868] WS2_32.dll!connect 771740D9 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\Dwm.exe[2868] WS2_32.dll!WSALookupServiceNextW 7717455D 6 Bytes JMP 71760F5A
.text C:\Windows\system32\Dwm.exe[2868] WS2_32.dll!WSALookupServiceBeginW 77174E93 6 Bytes JMP 71790F5A
.text C:\Windows\system32\Dwm.exe[2868] WS2_32.dll!WSALookupServiceEnd 77175564 6 Bytes JMP 71820F5A
.text C:\Windows\system32\Dwm.exe[2868] WS2_32.dll!listen 77178CD7 6 Bytes JMP 717C0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 17, 00]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] WS2_32.dll!connect 771740D9 6 Bytes JMP 717C0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] WS2_32.dll!WSALookupServiceNextW 7717455D 6 Bytes JMP 71820F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] WS2_32.dll!WSALookupServiceBeginW 77174E93 6 Bytes JMP 71760F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] WS2_32.dll!WSALookupServiceEnd 77175564 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] WS2_32.dll!listen 77178CD7 6 Bytes JMP 71790F5A
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\system32\wuauclt.exe[3908] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 77, 00] {OR AL, [EAX]; JA 0x4}
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\wuauclt.exe[3908] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\wuauclt.exe[3908] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [7F, 71] {JG 0x73}
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [85, 71]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [7C, 71] {JL 0x73}
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [82, 71]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [8A, 71]
.text C:\Windows\System32\rundll32.exe[3940] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 1D, 00]
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 71970F5A
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 71940F5A
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71A60F5A
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!SendInput + 4 75B82F79 2 Bytes [9F, 71]
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\rundll32.exe[3940] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 718E0F5A
.text C:\Windows\System32\rundll32.exe[3940] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71910F5A
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\System32\mobsync.exe[4184] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 1F, 00]
.text C:\Windows\System32\mobsync.exe[4184] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\System32\mobsync.exe[4184] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 1D, 00]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] WS2_32.dll!connect 771740D9 6 Bytes JMP 717C0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] WS2_32.dll!WSALookupServiceNextW 7717455D 6 Bytes JMP 71820F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] WS2_32.dll!WSALookupServiceBeginW 77174E93 6 Bytes JMP 71760F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] WS2_32.dll!WSALookupServiceEnd 77175564 6 Bytes JMP 717F0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] WS2_32.dll!listen 77178CD7 6 Bytes JMP 71790F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Users\User\Desktop\myffbimt.exe[5024] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 37, 00]
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [7F, 71] {JG 0x73}
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [85, 71]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [7C, 71] {JL 0x73}
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [82, 71]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [8A, 71]
.text C:\Windows\System32\rundll32.exe[7700] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 0E, 00]
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 71970F5A
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 71940F5A
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71A60F5A
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!SendInput + 4 75B82F79 2 Bytes [9F, 71]
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\rundll32.exe[7700] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 718E0F5A
.text C:\Windows\System32\rundll32.exe[7700] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71910F5A
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\explorer.exe[7772] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 19, 00] {OR AL, [EAX]; SBB [EAX], EAX}
.text C:\Windows\explorer.exe[7772] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\explorer.exe[7772] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\explorer.exe[7772] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\explorer.exe[7772] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\explorer.exe[7772] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\explorer.exe[7772] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\explorer.exe[7772] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\explorer.exe[7772] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[7772] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\explorer.exe[7772] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Windows\explorer.exe[7772] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 75FBB37C 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
.text C:\Windows\explorer.exe[7772] WS2_32.dll!connect 771740D9 6 Bytes JMP 71790F5A
.text C:\Windows\explorer.exe[7772] WS2_32.dll!WSALookupServiceNextW 7717455D 6 Bytes JMP 71700F5A
.text C:\Windows\explorer.exe[7772] WS2_32.dll!WSALookupServiceBeginW 77174E93 6 Bytes JMP 71730F5A
.text C:\Windows\explorer.exe[7772] WS2_32.dll!WSALookupServiceEnd 77175564 6 Bytes JMP 716D0F5A
.text C:\Windows\explorer.exe[7772] WS2_32.dll!listen 77178CD7 6 Bytes JMP 71760F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 1B, 00] {OR AL, [EAX]; SBB EAX, [EAX]}
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] WS2_32.dll!connect 771740D9 6 Bytes JMP 717C0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] WS2_32.dll!WSALookupServiceNextW 7717455D 6 Bytes JMP 71820F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] WS2_32.dll!WSALookupServiceBeginW 77174E93 6 Bytes JMP 71760F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] WS2_32.dll!WSALookupServiceEnd 77175564 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] WS2_32.dll!listen 77178CD7 6 Bytes JMP 71790F5A
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73F17817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73F6A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73F1BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73F0F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73F175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73F0E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73F48395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73F1DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73F0FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73F0FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73F071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73F9CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73F3C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73F0D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73F06853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73F0687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73F12AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [7001F3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.***\OpenWithProgids@\xa0\xa0\xa0_auto_file
---- EOF - GMER 1.0.15 ----