GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-17 22:32:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: G:\DOCUME~1\CARLBR~1\LOCALS~1\Temp\fxldqpod.sys

---- User code sections - GMER 1.0.15 ----

.text G:\Program Files\Internet Explorer\iexplore.exe[700] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text G:\Program Files\Internet Explorer\iexplore.exe[700] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text G:\Program Files\Internet Explorer\iexplore.exe[700] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100EC20C G:\Program Files\live-tv-software\tbliv0.dll (Conduit Toolbar/Conduit Ltd.)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100EC3DC G:\Program Files\live-tv-software\tbliv0.dll (Conduit Toolbar/Conduit Ltd.)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text G:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text G:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text G:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text G:\WINDOWS\System32\svchost.exe[1276] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02F0000A
.text G:\WINDOWS\System32\svchost.exe[1276] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 02EF000A
.text G:\WINDOWS\Explorer.EXE[2008] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text G:\WINDOWS\Explorer.EXE[2008] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text G:\WINDOWS\Explorer.EXE[2008] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 100EC20C G:\Program Files\live-tv-software\tbliv0.dll (Conduit Toolbar/Conduit Ltd.)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100EC3DC G:\Program Files\live-tv-software\tbliv0.dll (Conduit Toolbar/Conduit Ltd.)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[2684] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT G:\Program Files\Internet Explorer\iexplore.exe[2684] @ G:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] G:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C6200 series@ChangeID 3252796
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C6200 series (Copy 1)@ChangeID 3252796

---- Files - GMER 1.0.15 ----

File G:\Documents and Settings\NetworkService\Cookies\system@spotxchange[2].txt 0 bytes

---- EOF - GMER 1.0.15 ----