GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-08 19:09:24
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250620A rev.3.AAD
Running: ex2fj7om.exe; Driver: C:\Users\Robert\AppData\Local\Temp\fgdyrpob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x886F828A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x88712342]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x88712678]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x887129EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x886F8D04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8871202A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x886F9276]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x886F9164]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x887124E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x886F8046]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x886F938E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x886F88BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x886F8A2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x886F94A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x887125B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x886F974E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x886F8D46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x886FA750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x886F9840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x886F9DAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x88710840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x886F9308]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x886F91F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x886F84C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x886F9B90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x886F9420]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x886F83B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x886F955C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x88710A38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x886FA0D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x886F99E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x887127DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8871272A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x88712848]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x886FA5F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x887121B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x886F8BA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x886F95FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x886FA222]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x886FA316]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x886FA450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x886F9670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x886F8664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x886F85BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x886F9F8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x886F8750]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82A45359 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82A85DAC 4 Bytes [8A, 82, 6F, 88]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82A85DD4 8 Bytes [42, 23, 71, 88, 78, 26, 71, ...] {INC EDX; AND ESI, [ECX-0x78]; JS 0x2c; JNO 0xffffffffffffff90}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82A85E18 4 Bytes [EE, 29, 71, 88] {OUT DX, AL ; SUB [ECX-0x78], ESI}
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82A85E44 4 Bytes [04, 8D, 6F, 88]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82A85E68 4 Bytes [2A, 20, 71, 88] {SUB AH, [EAX]; JNO 0xffffffffffffff8c}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DE1F000, 0x267978, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x99A75300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x99AB8300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] ntdll.dll!DbgUiRemoteBreakin 778BF17D 1 Byte [C3]
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] USER32.dll!DefWindowProcA 7635BB1C 5 Bytes JMP 630019AC C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] USER32.dll!GetSysColorBrush 7635F1ED 4 Bytes JMP 6305CBDD C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] USER32.dll!DefWindowProcW 7636507D 5 Bytes JMP 630019DB C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] USER32.dll!GetSysColor 7636DB7A 4 Bytes JMP 6305DA75 C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74652437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74635600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746356BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746524B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74648514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74644CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7464506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74645144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74646671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7464826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746487BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7464901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7464E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74644BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [63029501] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [630295A4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63029501] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [6305CBAA] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [61001570] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [6305CB26] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61001890] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61001850] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetWindowLongA] [610015B0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [61001530] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!GetSysColorBrush] [6305CBDD] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!DrawFrameControl] [6301E1DC] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!TrackPopupMenu] [630295EF] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowPlacement] [6301D628] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!DeferWindowPos] [610014A0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!TrackPopupMenuEx] [63029617] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!SetScrollInfo] [61001750] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!CallWindowProcW] [6305870E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!SetScrollPos] [61001790] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!MoveWindow] [6301D83B] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowPos] [6301DA46] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!GetSysColor] [6305CB26] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!FillRect] [630292CF] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowRect] [6301DC5B] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!DefWindowProcW] [61001890] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowLongW] [61001570] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [GDI32.dll!DeleteObject] [6305CBAA] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [6305CBAA] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [6305870E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [6305CB26] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [61001890] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowLongW] [61001570] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowRect] [6301DC5B] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ole32.dll [USER32.dll!MoveWindow] [6301D83B] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [63029501] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[1820] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Robert\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1

---- EOF - GMER 1.0.15 ----