GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-24 23:57:01
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAAC741DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xAAC747AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xAAC761EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xAAC75B9C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xAAC73950]
SSDT \??\C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) ZwCreateSection [0xAA1F2FE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAAC77B7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xAAC745AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xAAC73D92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xAAC73F92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xAAC75EAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xAAC78084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xAAC740A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xAAC74110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xAAC75D5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xAAC77620]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xAAC759F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xAAC73AB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xAAC743B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xAAC77BA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xAAC742FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xAAC74178]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xAAC73E7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xAAC73C5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xAAC77888]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xAAC735D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xAAC76A74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xAAC73734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xAAC77F56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xAAC733D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xAAC7608C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xAAC746AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xAAC7771A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xAAC77BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xAAC73B08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xAAC77CB4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xAAC77DE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xAAC7754C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xAAC7447E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xAAC744F0]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF8C 5 Bytes JMP AAC8B626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF90C 5 Bytes JMP AAC8B9E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C38 805044A4 4 Bytes JMP 4CAAC761
.text ntkrnlpa.exe!ZwCallbackReturn + 2EF5 80504761 7 Bytes [7F, C7, AA, D0, 33, C7, AA]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB0 8050481C 12 Bytes [B4, 7C, C7, AA, E0, 7D, C7, ...]

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[868] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[868] USER32.dll!VRipOutput + FFFA5005 77D42A88 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1148] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1148] USER32.dll!VRipOutput + FFFA5005 77D42A88 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
.text C:\WINDOWS\Explorer.EXE[1160] SHELL32.dll!SHFileOperationW 7CA6FDEE 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Microsoft Office\Office12\GROOVE.EXE[7140] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 32605629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6CDF670] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F6CDF670] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00563040] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00562E90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00562E90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00563040] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00562E90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00563040] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00562E90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00562F60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00563040] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00562E90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetFocus] [0053F910] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00562E90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00563040] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00562F60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetFocus] [0053F910] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0053F3D0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0053F4E0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollPos] [0053F430] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00562E90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00563040] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00562F60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetFocus] [0053F910] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [00562F60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [00562E90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetFocus] [0053F910] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00562F60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00563040] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00562E90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00562E90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00562E90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00562F60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00563120] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00562DC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[5152] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetFocus] [0053F910] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----