GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-18 15:14:37
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1637GSX rev.DL030M 149.05GB
Running: gmer.exe; Driver: C:\Users\Robert\AppData\Local\Temp\uwliqpow.sys

---- System - GMER 2.1 ----

SSDT 8B6F87D6 ZwCreateSection
SSDT 8B6F87AE ZwCreateSymbolicLinkObject
SSDT 8B6F87B3 ZwLoadDriver
SSDT 8B6F87A9 ZwOpenSection
SSDT 8B6F87E0 ZwRequestWaitReplyPort
SSDT 8B6F87DB ZwSetContextThread
SSDT 8B6F87E5 ZwSetSecurityObject
SSDT 8B6F87B8 ZwSetSystemInformation
SSDT 8B6F87EA ZwSystemDebugControl
SSDT 8B6F8777 ZwTerminateProcess
SSDT 8B6F8772 ZwWriteVirtualMemory
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwCreateKey [0x82418FEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82418FEC] ZwCreateKey [0x82418FEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwOpenKey [0x82418FF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82418FF1] ZwOpenKey [0x82418FF1]

INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 82418FF6
INT 0x06 \??\C:\Windows\system32\drivers\Haspnt.sys A965916D
INT 0x0E \??\C:\Windows\system32\drivers\Haspnt.sys A9658FC2

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 1E9 824C47AC 3 Bytes [EC, 8F, 41]
.text ntkrnlpa.exe!KeSetEvent + 215 824C47D8 4 Bytes [D6, 87, 6F, 8B] {SALC ; XCHG [EDI-0x75], EBP}
.text ntkrnlpa.exe!KeSetEvent + 21D 824C47E0 4 Bytes [AE, 87, 6F, 8B] {SCASB ; XCHG [EDI-0x75], EBP}
.text ntkrnlpa.exe!KeSetEvent + 37D 824C4940 4 Bytes [B3, 87, 6F, 8B]
.text ntkrnlpa.exe!KeSetEvent + 3DD 824C49A0 3 Bytes [F1, 8F, 41]
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8975A000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x897A3000, 0x510, 0x40000040]
? C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS The system cannot find the path specified. !
? C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\aksfridge.sys section is writeable [0xA967B000, 0x49C57, 0xE0000020]
.init C:\Windows\system32\DRIVERS\aksfridge.sys entry point in ".init" section [0xA96D2224]
.init C:\Windows\system32\DRIVERS\aksfridge.sys unknown last code section [0xA96D2000, 0x4000, 0xE20000E0]
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xA96D6400, 0x6EED8, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA9761020] C:\Windows\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA9761020]
.protect˙˙˙˙hardlockunknown last code section [0xA9760E00, 0x50BA, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xA9760E00, 0x50BA, 0xE0000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2176] USER32.dll!EnableWindow 776ECD8B 5 Bytes JMP 6E24A2AC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2176] USER32.dll!DialogBoxParamW 777110B0 5 Bytes JMP 6E1A190B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2176] USER32.dll!DialogBoxIndirectParamW 77712EF5 5 Bytes JMP 6E39EA9A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2176] USER32.dll!DialogBoxParamA 77728152 5 Bytes JMP 6E39EA35 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2176] USER32.dll!DialogBoxIndirectParamA 7772847D 5 Bytes JMP 6E39EAFF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2176] USER32.dll!MessageBoxIndirectA 7773D4D9 5 Bytes JMP 6E39E9BC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2176] USER32.dll!MessageBoxIndirectW 7773D5D3 5 Bytes JMP 6E39E943 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2176] USER32.dll!MessageBoxExA 7773D639 5 Bytes JMP 6E39E8DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2176] USER32.dll!MessageBoxExW 7773D65D 5 Bytes JMP 6E39E87B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] ntdll.dll!RtlExitUserThread 775E1C5F 5 Bytes JMP 6E39F0EC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] kernel32.dll!TerminateThread 773244DB 5 Bytes JMP 6E39F105 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] kernel32.dll!CreateThread 7732CBEE 5 Bytes JMP 6E2074F3 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!CreateDialogParamW 776E72A2 5 Bytes JMP 6E39EE04 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!GetAsyncKeyState 776E863C 5 Bytes JMP 6E1EDEAD C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!SetWindowsHookExW 776E87AD 5 Bytes JMP 6E24298C C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!CallNextHookEx 776E8E3B 5 Bytes JMP 6E267CCF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!UnhookWindowsHookEx 776E98DB 5 Bytes JMP 6E28E230 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!EnableWindow 776ECD8B 5 Bytes JMP 6E24A2AC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DefWindowProcA 776EDB88 7 Bytes JMP 6E209729 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!CreateWindowExA 776EDC2A 5 Bytes JMP 6E213543 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!CreateWindowExW 776F1305 5 Bytes JMP 6E27005B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!GetKeyState 776F8CB1 5 Bytes JMP 6E1EDD87 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DefWindowProcW 777003B4 7 Bytes JMP 6E267D32 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!IsDialogMessageW 77700745 5 Bytes JMP 6E39F5D7 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!CreateDialogParamA 777017AA 5 Bytes JMP 6E39EDCC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!IsDialogMessage 77701847 5 Bytes JMP 6E39F5AF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!CreateDialogIndirectParamA 777026F1 5 Bytes JMP 6E39EE3C C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!CreateDialogIndirectParamW 77709A62 5 Bytes JMP 6E39EE74 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!SetKeyboardState 77710987 5 Bytes JMP 6E39FEC9 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DialogBoxParamW 777110B0 5 Bytes JMP 6E1A190B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DialogBoxIndirectParamW 77712EF5 5 Bytes JMP 6E39EA9A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!SendInput 77712F75 5 Bytes JMP 6E39FE71 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!EndDialog 7771326E 5 Bytes JMP 6E39F883 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!SetCursorPos 77726FB2 5 Bytes JMP 6E39FF4A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DialogBoxParamA 77728152 5 Bytes JMP 6E39EA35 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DialogBoxIndirectParamA 7772847D 5 Bytes JMP 6E39EAFF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!MessageBoxIndirectA 7773D4D9 5 Bytes JMP 6E39E9BC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!MessageBoxIndirectW 7773D5D3 5 Bytes JMP 6E39E943 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!MessageBoxExA 7773D639 5 Bytes JMP 6E39E8DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!MessageBoxExW 7773D65D 5 Bytes JMP 6E39E87B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!keybd_event 7773D972 5 Bytes JMP 6E39FE2E C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] SHELL32.dll!SHRestricted + D95 761988D8 4 Bytes [CF, 01, 16, 6B]
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] SHELL32.dll!SHRestricted + D9D 761988E0 8 Bytes [E0, 61, 15, 6B, 79, F7, 15, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] ole32.dll!OleLoadFromStream 771B1E80 5 Bytes JMP 6E39F2E1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] ntdll.dll!RtlExitUserThread 775E1C5F 5 Bytes JMP 6E39F0EC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] kernel32.dll!TerminateThread 773244DB 5 Bytes JMP 6E39F105 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] kernel32.dll!CreateThread 7732CBEE 5 Bytes JMP 6E2074F3 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateDialogParamW 776E72A2 5 Bytes JMP 6E39EE04 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!GetAsyncKeyState 776E863C 5 Bytes JMP 6E1EDEAD C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!SetWindowsHookExW 776E87AD 5 Bytes JMP 6E24298C C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CallNextHookEx 776E8E3B 5 Bytes JMP 6E267CCF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!UnhookWindowsHookEx 776E98DB 5 Bytes JMP 6E28E230 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!EnableWindow 776ECD8B 5 Bytes JMP 6E24A2AC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DefWindowProcA 776EDB88 7 Bytes JMP 6E209729 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateWindowExA 776EDC2A 5 Bytes JMP 6E213543 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateWindowExW 776F1305 5 Bytes JMP 6E27005B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!GetKeyState 776F8CB1 5 Bytes JMP 6E1EDD87 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DefWindowProcW 777003B4 7 Bytes JMP 6E267D32 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!IsDialogMessageW 77700745 5 Bytes JMP 6E39F5D7 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateDialogParamA 777017AA 5 Bytes JMP 6E39EDCC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!IsDialogMessage 77701847 5 Bytes JMP 6E39F5AF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateDialogIndirectParamA 777026F1 5 Bytes JMP 6E39EE3C C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateDialogIndirectParamW 77709A62 5 Bytes JMP 6E39EE74 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!SetKeyboardState 77710987 5 Bytes JMP 6E39FEC9 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxParamW 777110B0 5 Bytes JMP 6E1A190B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxIndirectParamW 77712EF5 5 Bytes JMP 6E39EA9A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!SendInput 77712F75 5 Bytes JMP 6E39FE71 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!EndDialog 7771326E 5 Bytes JMP 6E39F883 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!SetCursorPos 77726FB2 5 Bytes JMP 6E39FF4A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxParamA 77728152 5 Bytes JMP 6E39EA35 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxIndirectParamA 7772847D 5 Bytes JMP 6E39EAFF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxIndirectA 7773D4D9 5 Bytes JMP 6E39E9BC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxIndirectW 7773D5D3 5 Bytes JMP 6E39E943 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxExA 7773D639 5 Bytes JMP 6E39E8DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxExW 7773D65D 5 Bytes JMP 6E39E87B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!keybd_event 7773D972 5 Bytes JMP 6E39FE2E C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] SHELL32.dll!SHRestricted + D95 761988D8 4 Bytes [CF, 01, 16, 6B]
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] SHELL32.dll!SHRestricted + D9D 761988E0 8 Bytes [E0, 61, 15, 6B, 79, F7, 15, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3768] ole32.dll!OleLoadFromStream 771B1E80 5 Bytes JMP 6E39F2E1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] ntdll.dll!RtlExitUserThread 775E1C5F 5 Bytes JMP 6E39F0EC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] kernel32.dll!TerminateThread 773244DB 5 Bytes JMP 6E39F105 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] kernel32.dll!CreateThread 7732CBEE 5 Bytes JMP 6E2074F3 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!CreateDialogParamW 776E72A2 5 Bytes JMP 6E39EE04 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!GetAsyncKeyState 776E863C 5 Bytes JMP 6E1EDEAD C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!SetWindowsHookExW 776E87AD 5 Bytes JMP 6E24298C C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!CallNextHookEx 776E8E3B 5 Bytes JMP 6E267CCF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!UnhookWindowsHookEx 776E98DB 5 Bytes JMP 6E28E230 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!EnableWindow 776ECD8B 5 Bytes JMP 6E24A2AC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!DefWindowProcA 776EDB88 7 Bytes JMP 6E209729 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!CreateWindowExA 776EDC2A 5 Bytes JMP 6E213543 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!CreateWindowExW 776F1305 5 Bytes JMP 6E27005B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!GetKeyState 776F8CB1 5 Bytes JMP 6E1EDD87 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!DefWindowProcW 777003B4 7 Bytes JMP 6E267D32 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!IsDialogMessageW 77700745 5 Bytes JMP 6E39F5D7 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!CreateDialogParamA 777017AA 5 Bytes JMP 6E39EDCC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!IsDialogMessage 77701847 5 Bytes JMP 6E39F5AF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!CreateDialogIndirectParamA 777026F1 5 Bytes JMP 6E39EE3C C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!CreateDialogIndirectParamW 77709A62 5 Bytes JMP 6E39EE74 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!SetKeyboardState 77710987 5 Bytes JMP 6E39FEC9 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!DialogBoxParamW 777110B0 5 Bytes JMP 6E1A190B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!DialogBoxIndirectParamW 77712EF5 5 Bytes JMP 6E39EA9A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!SendInput 77712F75 5 Bytes JMP 6E39FE71 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!EndDialog 7771326E 5 Bytes JMP 6E39F883 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!SetCursorPos 77726FB2 5 Bytes JMP 6E39FF4A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!DialogBoxParamA 77728152 5 Bytes JMP 6E39EA35 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!DialogBoxIndirectParamA 7772847D 5 Bytes JMP 6E39EAFF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!MessageBoxIndirectA 7773D4D9 5 Bytes JMP 6E39E9BC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!MessageBoxIndirectW 7773D5D3 5 Bytes JMP 6E39E943 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!MessageBoxExA 7773D639 5 Bytes JMP 6E39E8DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!MessageBoxExW 7773D65D 5 Bytes JMP 6E39E87B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] USER32.dll!keybd_event 7773D972 5 Bytes JMP 6E39FE2E C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] SHELL32.dll!SHRestricted + D95 761988D8 4 Bytes [CF, 01, 16, 6B]
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] SHELL32.dll!SHRestricted + D9D 761988E0 8 Bytes [E0, 61, 15, 6B, 79, F7, 15, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4384] ole32.dll!OleLoadFromStream 771B1E80 5 Bytes JMP 6E39F2E1 C:\Windows\system32\IEFRAME.dll

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73847817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73885EFD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7384BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7383F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [738475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7383E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [738992D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7384DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7383FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7383FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [738CCB4D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7386C840] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7383D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73836853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7383687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73842AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19299_none_9e595caeca0ff663\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys
Device \Driver\partmgr \Device\PartmgrControl aksfridge.sys
Device \Driver\aksusb \Device\0000007d AKSCLASS.SYS
Device \Driver\aksusb \Device\0000007e AKSCLASS.SYS
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Processes - GMER 2.1 ----

Library C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (*** hidden *** ) @ C:\Windows\Explorer.EXE [1984] 0x10000000

---- Files - GMER 2.1 ----

File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes

---- EOF - GMER 2.1 ----