GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-27 17:07:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.01.0
Running: gmer.exe; Driver: C:\DOCUME~1\Acer\LOCALS~1\Temp\kgldrpob.sys


---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xA0845F3C]
SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xA0845FE4]
SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xA0846080]
SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xA084611C]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe[1872] kernel32.dll!CreateThread  7C8106D7 5 Bytes  JMP 00158970

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\WINDOWS\Explorer.EXE[504] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]  [10001F00] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT  C:\WINDOWS\Explorer.EXE[504] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]  [10002AC0] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT  C:\WINDOWS\Explorer.EXE[504] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]  [100011D0] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT  C:\WINDOWS\Explorer.EXE[504] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW]  [10001F70] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT  C:\WINDOWS\Explorer.EXE[504] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]  [10002E10] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)
AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device  mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device  \FileSystem\Fastfat \Fat  kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation)

AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat  AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \FileSystem\Fastfat \Fat  mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)

---- EOF - GMER 1.0.15 ----
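Added example, not part of the original post and not code from GMER: a small Python triage pass over log entries of the shape shown above. It parses the SSDT, .text, IAT, AttachedDevice and Device lines, groups the hooking or filtering modules by the vendor string GMER prints in parentheses, and pulls out any hook that carries no vendor attribution at all (here the inline JMP patch on kernel32.dll!CreateThread inside LDSvc.exe, which is the one entry in this log a reviewer has to attribute by hand). The regexes are written against the line shapes visible in this log, not against a published GMER format; the sample entries are copied verbatim from the log above. The randomly named driver under Temp on the "Running:" line (kgldrpob.sys) is GMER's own scan driver and is not an entry the parser needs to handle.

```python
"""Triage of GMER 1.0.15 scan-log entries (added example; regexes are
assumptions derived from the log lines above, not a GMER specification)."""
import re
from collections import defaultdict
from typing import List, Optional

# Entries copied verbatim from the GMER log above (a subset, one per line).
SAMPLE_LOG = r"""
SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xA0845F3C]
SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xA084611C]
.text  C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe[1872] kernel32.dll!CreateThread  7C8106D7 5 Bytes  JMP 00158970
IAT  C:\WINDOWS\Explorer.EXE[504] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]  [10002AC0] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT  C:\WINDOWS\Explorer.EXE[504] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]  [10002E10] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
AttachedDevice  \FileSystem\Ntfs \Ntfs  mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device  mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
"""

# Entry kind is the first column; section headers ("---- ... ----") do not match.
ENTRY_RE = re.compile(r'^(SSDT|\.text|IAT|EAT|AttachedDevice|Device)\s+(.*?)\s*$')
# "<path> (<description>/<vendor>)": the module GMER attributes the hook/filter to.
MODULE_RE = re.compile(r'(\S+)\s+\(([^()/]*)/([^()]*)\)')
# SSDT lines end with the hooked native function and the hook address.
SSDT_RE = re.compile(r'(Zw\w+)\s+\[(0x[0-9A-Fa-f]+)\]\s*$')
# .text lines: "<process>[pid] <dll>!<func> <addr> <n> Bytes <patch>".
INLINE_RE = re.compile(r'^(.+?)\[(\d+)\]\s+(\S+!\S+)\s+[0-9A-Fa-f]+\s+\d+\s+Bytes\s+(.*)$')
# IAT lines: "<process>[pid] @ <host dll> [<import>] [<addr>] <hooking module> (...)".
IAT_RE = re.compile(r'^(.+?)\[(\d+)\]\s+@\s+(\S+)\s+\[([^\]]+)\]\s+\[[0-9A-Fa-f]+\]')


def basename(path: str) -> str:
    """Last component of a Windows path (paths in the log may contain spaces)."""
    return path.strip().split('\\')[-1]


def parse_entry(line: str) -> Optional[dict]:
    """Parse one log line into a dict, or return None for headers/blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    entry = {"kind": kind, "module": None, "description": None, "vendor": None, "target": None}
    mm = MODULE_RE.search(body)
    if mm:
        entry["module"] = basename(mm.group(1))
        entry["description"] = mm.group(2).strip()
        entry["vendor"] = mm.group(3).strip()
    if kind == "SSDT":
        sm = SSDT_RE.search(body)
        entry["target"] = sm.group(1) if sm else None
    elif kind == ".text":
        im = INLINE_RE.match(body)
        if im:
            entry["process"], entry["pid"] = basename(im.group(1)), int(im.group(2))
            entry["target"], entry["patch"] = im.group(3), im.group(4).strip()
    elif kind == "IAT":
        im = IAT_RE.match(body)
        if im:
            entry["process"], entry["pid"] = basename(im.group(1)), int(im.group(2))
            entry["target"] = f"{basename(im.group(3))}:{im.group(4)}"
    else:  # AttachedDevice / Device: the text before the module is the device stack
        entry["target"] = (body[:mm.start()].strip() if mm else body) or None
    return entry


def parse_gmer(text: str) -> List[dict]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def triage(entries: List[dict]) -> dict:
    """Group modules by GMER's vendor attribution and isolate unattributed hooks."""
    by_vendor, ssdt_hooks, unattributed = defaultdict(set), defaultdict(list), []
    for e in entries:
        if e["vendor"]:
            by_vendor[e["vendor"]].add(e["module"])
        else:
            unattributed.append(e)  # no "(description/vendor)": attribute by hand
        if e["kind"] == "SSDT":
            ssdt_hooks[e["module"]].append(e["target"])
    return {
        "by_vendor": {v: sorted(mods) for v, mods in by_vendor.items()},
        "ssdt_hooks": dict(ssdt_hooks),
        "unattributed": unattributed,
    }


if __name__ == "__main__":
    report = triage(parse_gmer(SAMPLE_LOG))
    for vendor, mods in report["by_vendor"].items():
        print(f"{vendor}: {', '.join(mods)}")
    for e in report["unattributed"]:
        print(f"REVIEW {e['kind']} hook in {e['process']}[{e['pid']}]: {e['target']} -> {e['patch']}")
```

The vendor grouping is only as trustworthy as the version resource GMER read from the module, so it is a starting point for attribution, not proof of legitimacy; the point of the unattributed list is that an inline patch with no module behind it is the entry that cannot be explained away by a known product and needs the target process checked first.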