GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-06-29 11:47:09 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0002 Running: 6yrsngx0.exe; Driver: C:\DOCUME~1\z00269rd\LOCALS~1\Temp\pwrcrpog.sys ---- System - GMER 1.0.15 ---- SSDT 82A3DEC0 ZwCreateKey SSDT 82A3F060 ZwCreateMutant SSDT 82A3D3C0 ZwCreateProcess SSDT 82A3D680 ZwCreateProcessEx SSDT 82A3ED20 ZwCreateThread SSDT 82A3E440 ZwDeleteKey SSDT 82A3E700 ZwDeleteValueKey SSDT 82A3EEC0 ZwLoadDriver SSDT 82A3D940 ZwOpenProcess SSDT 82A3F200 ZwSetSystemInformation SSDT 82A3E180 ZwSetValueKey SSDT 82A3DC00 ZwTerminateProcess SSDT 82A3EB80 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text iaStor.sys B9D7B74C 1 Byte [CC] {INT 3 } ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe[1076] kernel32.dll!SetErrorMode 7C80ACAF 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe[1076] USER32.dll!MessageBoxA 7E4507EA 1 Byte [CC] {INT 3 } .text C:\Program Files\Internet Explorer\iexplore.exe[1148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215561 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1148] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B9D C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1148] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD205 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1148] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1148] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546CA C:\WINNT\system32\IEFRAME.dll 
(Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1148] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7957 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1148] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7889 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1148] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E78F4 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E775A C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77BC C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1148] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79BA C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1148] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E781E C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1148] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDC80 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1148] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E7CBF C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[1260] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00E7E8D9 C:\Program Files\Windows Desktop Search\mssrch.dll (Microsoft Embedded Search/Microsoft Corporation) 
.text C:\Program Files\Internet Explorer\iexplore.exe[3452] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215561 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B9D C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3452] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD205 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3452] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546CA C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3452] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7957 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3452] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7889 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3452] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E78F4 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3452] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E775A C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3452] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77BC C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3452] USER32.dll!DialogBoxIndirectParamA 
7E456D7D 5 Bytes JMP 3E3E79BA C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3452] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E781E C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3452] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDC80 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3452] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E7CBF C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215561 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B9D C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD205 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546CA C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7957 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7889 C:\WINNT\system32\IEFRAME.dll (Internet 
Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E78F4 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E775A C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77BC C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79BA C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E781E C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDC80 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4052] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E7CBF C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215561 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4148] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4148] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7957 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4148] 
USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7889 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4148] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E78F4 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E775A C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77BC C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4148] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79BA C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4148] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E781E C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215561 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B9D C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD205 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546CA C:\WINNT\system32\IEFRAME.dll 
(Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7957 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7889 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E78F4 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E775A C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77BC C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79BA C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E781E C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDC80 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5104] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E7CBF C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5816] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215561 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet 
Explorer\iexplore.exe[5816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B9D C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5816] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD205 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5816] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5816] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546CA C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5816] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7957 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5816] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7889 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5816] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E78F4 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5816] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E775A C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5816] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77BC C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5816] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79BA C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5816] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E781E 
C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5816] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDC80 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5816] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E7CBF C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe[5908] kernel32.dll!SetErrorMode 7C80ACAF 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe[5908] USER32.dll!MessageBoxA 7E4507EA 1 Byte [CC] {INT 3 } ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Internet Explorer\iexplore.exe[1148] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1460] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00FC2BC8] C:\WINNT\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1460] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [00FC2CE9] C:\WINNT\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1460] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] [00FC2CB8] C:\WINNT\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) IAT C:\Program Files\Internet Explorer\iexplore.exe[3452] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll 
(Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ 
C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[3468] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[4052] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5816] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.) AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) 
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SGEFLT.SYS (SafeGuard Easy PnP Disk Filter Driver/Utimaco Safeware AG)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:156] 88AAB0F4

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----