GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-08 21:23:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3300622AS rev.3.AAE
Running: gmer.exe; Driver: C:\DOCUME~1\test\LOCALS~1\Temp\fgadipob.sys


---- System - GMER 1.0.15 ----

SSDT            8A5353D4   ZwCreateKey
SSDT            8A5E76DC   ZwCreateMutant
SSDT            8A53800C   ZwCreateProcess
SSDT            8A538B94   ZwCreateProcessEx
SSDT            8A6E2BA4   ZwCreateSymbolicLinkObject
SSDT            8A531F3C   ZwCreateThread
SSDT            8A534284   ZwDeleteKey
SSDT            8A605274   ZwDeleteValueKey
SSDT            8A69B6EC   ZwDuplicateObject
SSDT            8A7DE854   ZwLoadDriver
SSDT            8A5383FC   ZwOpenProcess
SSDT            8A4F7D2C   ZwOpenSection
SSDT            8A53712C   ZwOpenThread
SSDT            8A53374C   ZwRenameKey
SSDT            8A5332D4   ZwRestoreKey
SSDT            8A416914   ZwSetSystemInformation
SSDT            8A53489C   ZwSetValueKey
SSDT            8A5370F4   ZwTerminateProcess
SSDT            8A5367BC   ZwTerminateThread
SSDT            8A62E2BC   ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2D68   80504604 4 Bytes  CALL E364D086
.text           C:\windows\system32\DRIVERS\nv4_mini.sys   section is writeable [0xB8D36360, 0x32DEFD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\windows\system32\SearchIndexer.exe[556] kernel32.dll!WriteFile   7C810E27 7 Bytes  JMP 00585C0C C:\windows\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!DialogBoxParamW   7E4247AB 5 Bytes  JMP 3E1DF4B9 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!DialogBoxIndirectParamW   7E432072 5 Bytes  JMP 3E3528F6 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!MessageBoxIndirectA   7E43A082 5 Bytes  JMP 3E352877 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!DialogBoxParamA   7E43B144 5 Bytes  JMP 3E3528BB C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!MessageBoxExW   7E450838 5 Bytes  JMP 3E352803 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!MessageBoxExA   7E45085C 5 Bytes  JMP 3E35283D C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!DialogBoxIndirectParamA   7E456D7D 5 Bytes  JMP 3E352931 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!MessageBoxIndirectW   7E4664D5 5 Bytes  JMP 3E201762 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3044] ole32.dll!OleLoadFromStream   7752983B 5 Bytes  JMP 3E352AF3 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip   tmeext.sys (Trend Micro EagleEye Driver (XT) (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip   ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip   tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp   tmeext.sys (Trend Micro EagleEye Driver (XT) (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp   ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp   tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp   tmeext.sys (Trend Micro EagleEye Driver (XT) (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp   ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp   tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp   tmeext.sys (Trend Micro EagleEye Driver (XT) (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp   ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp   tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----
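Added triage aid, not part of GMER and not part of this scan log: a small Python parser for the line-per-entry format GMER writes. It separates SSDT entries, inline code hooks, writable-section warnings and attached filter drivers, and flags inline hooks for which GMER printed no owning image after the JMP/CALL target. In the log above, the kernel-mode `ntkrnlpa.exe!ZwCallbackReturn + 2D68 ... CALL E364D086` line is the only such entry; every user-mode hook is attributed to MSSRCH.DLL or IEFRAME.dll, and the SSDT lines carry a bare address with no image name. The embedded sample is a constructed subset of the lines above; the regular expressions, the `Hook` class and the `triage` function are my own and assume GMER's text layout. Whether an unattributed hook or a bare-address SSDT handler belongs to a rootkit or to the installed Trend Micro product's own hooking cannot be decided from this log alone: mapping those addresses to images needs the loaded-driver list, which this page does not include.

```python
"""Triage helper for GMER rootkit-scan logs (added example, not GMER code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the scan above, one entry per line as
# GMER writes it. The entries are copied, not invented.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT 8A5353D4 ZwCreateKey
SSDT 8A7DE854 ZwLoadDriver
SSDT 8A62E2BC ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 4 Bytes CALL E364D086
.text C:\windows\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D36360, 0x32DEFD, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\windows\system32\SearchIndexer.exe[556] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\windows\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip tmeext.sys (Trend Micro EagleEye Driver (XT) (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
"""

# Patterns are assumptions about GMER 1.0.15's text layout, derived from the lines above.
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>Zw\w+)")
HOOK_RE = re.compile(
    r"^\.text\s+(?P<where>.+?)\s+(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+) Bytes\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-F]{8})"
    r"(?:\s+(?P<module>\S+)\s+\((?P<desc>.+)\))?\s*$"
)
WRITABLE_RE = re.compile(r"^\.text\s+(?P<where>.+?)\s+section is writeable")
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\\\S+)\s+(?P<device>\\\S+)\s+(?P<image>\S+)\s+\((?P<desc>.+)\)\s*$"
)


@dataclass
class Hook:
    where: str            # hooked location, e.g. "iexplore.exe[3044] USER32.dll!MessageBoxExW"
    addr: str             # address of the patched bytes
    size: int             # number of overwritten bytes
    kind: str             # JMP or CALL
    target: str           # where control is redirected
    module: Optional[str] # image GMER attributed the target to, if any
    desc: Optional[str]   # GMER's description of that image

    @property
    def attributed(self) -> bool:
        """True when GMER named the image that owns the jump/call target."""
        return self.module is not None


def parse_gmer(text: str) -> Dict[str, list]:
    """Split a GMER log into SSDT entries, inline hooks, writable sections and filters."""
    report: Dict[str, list] = {"ssdt": [], "hooks": [], "writable": [], "devices": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SSDT_RE.match(line)
        if m:
            report["ssdt"].append({"addr": m["addr"], "func": m["func"]})
            continue
        m = HOOK_RE.match(line)
        if m:
            report["hooks"].append(Hook(m["where"], m["addr"], int(m["size"]),
                                        m["kind"], m["target"], m["module"], m["desc"]))
            continue
        m = WRITABLE_RE.match(line)
        if m:
            report["writable"].append(m["where"])
            continue
        m = DEVICE_RE.match(line)
        if m:
            report["devices"].append(m.groupdict())
    return report


def triage(report: Dict[str, list]) -> List[str]:
    """Findings in a fixed order: unattributed hooks, bare-address SSDT entries, writable .text."""
    findings = [f"UNATTRIBUTED {h.kind} in {h.where} -> {h.target}"
                for h in report["hooks"] if not h.attributed]
    findings += [f"SSDT {s['func']} handler at {s['addr']} (no owning image printed)"
                 for s in report["ssdt"]]
    findings += [f"WRITABLE .text in {w}" for w in report["writable"]]
    return findings


def filters_per_device(report: Dict[str, list]) -> Dict[str, List[str]]:
    """Images attached to each device object, in the order GMER listed them."""
    out: Dict[str, List[str]] = {}
    for d in report["devices"]:
        out.setdefault(d["device"], []).append(d["image"])
    return out


if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_LOG)
    for f in triage(rep):
        print(f)
    for dev, images in filters_per_device(rep).items():
        print(dev, "<-", ", ".join(images))
```

Run it on the full log above (paste the text into `SAMPLE_LOG` or read a file) and the attributed/unattributed split is the first thing to look at: a hook whose target GMER can name, as with the IEFRAME.dll and MSSRCH.DLL entries, is usually the product's own instrumentation, while a target with no image, as with the CALL at `ZwCallbackReturn + 2D68`, has to be resolved against the driver list before it can be cleared or condemned.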