GMER LOG:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-12 08:29:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: 4jtuc65q.exe; Driver: C:\Users\Jamie\AppData\Local\Temp\uxtiqpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB38E1F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB38E1FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB38E2080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB38E211C]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 3F1 822EEB74 4 Bytes [3C, 1F, 8E, B3]
.text ntkrnlpa.exe!KeSetEvent + 621 822EEDA4 8 Bytes [E4, 1F, 8E, B3, 80, 20, 8E, ...]
.text ntkrnlpa.exe!KeSetEvent + 681 822EEE04 4 Bytes [1C, 21, 8E, B3]
.text C:\Windows\system32\drivers\afd.sys section is writeable [0x93CA4000, 0x9C71, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtProtectVirtualMemory 76E14BA4 5 Bytes JMP 0120000A
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory 76E154E4 5 Bytes JMP 0125000A
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!KiUserExceptionDispatcher 76E15C28 5 Bytes JMP 010E000A
.text C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe[3320] ntdll.dll!DbgBreakPoint 76DF878E 1 Byte [90]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73097817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [730EA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7309BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7308F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [730975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7308E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [730C8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7309DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7308FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7308FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [730871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7311CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [730BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7308D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73086853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7308687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2564] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73092AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Process PING.EXE (*** hidden *** ) 1192
Process C:\Windows\System32\ping.exe (*** hidden *** ) 3804
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\InprocServer32@ C:\nDoors\Atlantica\StmOCX.dll?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\InprocServer32@ThreadingModel Apartment??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\Programmable
Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\TypeLib
Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\TypeLib@ {0AB6D809-3081-494F-BD93-D58F480BF0E3}??????????????????????????????????????????????????????????????????????????????????????????
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB36441$\2453711976 0 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684 0 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\@ 2048 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\cfg.ini 298 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\L 0 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\L\qnbwvoto 273408 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\oemid 15 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U 0 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\U\80000032.@ 96256 bytes
File C:\Windows\$NtUninstallKB36441$\2956803684\version 861 bytes
---- EOF - GMER 1.0.15 ----