GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-08 08:01:29
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Hitachi_HDT721032SLA360 rev.ST2OA3AA
Running: uixoxsbn.exe; Driver: C:\Users\Ania\AppData\Local\Temp\pxldrpow.sys


---- System - GMER 1.0.15 ----

SSDT  \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS  ZwTerminateProcess [0x8E776620]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetTimerEx + 854  81EB9E78 4 Bytes  [20, 66, 77, 8E]
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x8DC02000, 0x2D5046, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[4952] ntdll.dll!LdrLoadDll  774679B3 5 Bytes  JMP 62865B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]  [74558864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]  [74599855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]  [7455B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]  [7454FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]  [74557A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]  [7454EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [7458B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]  [7455BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]  [74550756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]  [745506BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]  [745471B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]  [745DD9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]  [74577329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]  [7454E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]  [7454697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]  [745469A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]  [74552475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device  \Driver\usbhub \Device\0000005a  hcmon.sys
Device  \Driver\usbhub \Device\0000005b  hcmon.sys
Device  \Driver\usbhub \Device\0000005c  hcmon.sys
Device  \Driver\usbhub \Device\0000005d  hcmon.sys
Device  \Driver\usbhub \Device\0000005e  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-0  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-1  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-2  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-3  hcmon.sys
Device  \Driver\usbehci \Device\USBFDO-4  hcmon.sys

---- Files - GMER 1.0.15 ----

File  C:\Windows\$NtUninstallKB12850$\1832820979  0 bytes
File  C:\Windows\$NtUninstallKB12850$\1832820979\@  2048 bytes
File  C:\Windows\$NtUninstallKB12850$\1832820979\L  0 bytes
File  C:\Windows\$NtUninstallKB12850$\1832820979\L\qnbwvoto  66560 bytes
File  C:\Windows\$NtUninstallKB12850$\1832820979\loader.tlb  2632 bytes
File  C:\Windows\$NtUninstallKB12850$\1832820979\U  0 bytes
File  C:\Windows\$NtUninstallKB12850$\1832820979\U\@00000001  45968 bytes
File  C:\Windows\$NtUninstallKB12850$\1832820979\U\@000000c0  2560 bytes
File  C:\Windows\$NtUninstallKB12850$\1832820979\U\@000000cb  3072 bytes
File  C:\Windows\$NtUninstallKB12850$\1832820979\U\@000000cf  1536 bytes
File  C:\Windows\$NtUninstallKB12850$\1832820979\U\@80000000  73216 bytes
File  C:\Windows\$NtUninstallKB12850$\1832820979\U\@800000c0  42496 bytes
File  C:\Windows\$NtUninstallKB12850$\1832820979\U\@800000cb  25600 bytes
File  C:\Windows\$NtUninstallKB12850$\1832820979\U\@800000cf  31232 bytes
File  C:\Windows\$NtUninstallKB12850$\4220266113  0 bytes

---- EOF - GMER 1.0.15 ----