GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-08 09:56:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwlirfoc.sys


---- System - GMER 1.0.15 ----

SSDT            FEB91890                                                                        ZwConnectPort

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\SearchIndexer.exe[712] kernel32.dll!WriteFile               7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                          SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                       SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                       SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                     SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                        SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                        fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations   ???G? ???????G?????L????\Device\Null??????$??G??????????\Device\NamedPipe???NO???????l????"??G?????N????\DosDevices\LPT1?????????G?????C????\Device\Mup??????G?G?G?G?G?G?????\?]?\??lz32.dll????? ???????F???????????8????????,????????????t????11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484 11484??3???????????????????????????-???????????????????????????????????F?F?F?F?F?F?G?G?G?G?G??0401?????G?G?G???-?-?-?-?-?-?.?.?.?.ne??? ???????)???????????,? ??????????or?????????????????i??????????si???????G???i?????????????sch??ges.?????????????????????????????-??????????????e??????P? 
                ???????????????G???????y??perfnet.dll??????? ??G?????????t????52 262 330 1300???????$??G??????????OpenNetSvcsObject????????-??????????????\TEMP???? ???????F???????????G????????>???????????e??????????????????????????????s???????????????????????????????????G???????????????????????????????????????????????????????G???????????????G???????????$??? ???????F?????

---- EOF - GMER 1.0.15 ----