GMER 1.0.15.15570 - http://www.gmer.net Rootkit scan 2011-04-14 13:15:51 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HITACHI_DK23FA-60 rev.00M4A0A2 Running: iyl1m0qq.exe; Driver: C:\DOCUME~1\Lukasz\LOCALS~1\Temp\fwaiqaog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys (PSINProc Filter Driver for XP32/Panda Security, S.L.) ZwTerminateProcess [0xA9E7A416] ---- Kernel code sections - GMER 1.0.15 ---- init C:\WINDOWS\system32\drivers\tifmsony.sys entry point in "init" section [0xF88DD280] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[2072] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 02AC0B00 C:\Documents and Settings\Lukasz\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 02AC0E60 C:\Documents and Settings\Lukasz\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 02AC0D70 C:\Documents and Settings\Lukasz\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 02AC0C80 C:\Documents and Settings\Lukasz\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 02AC0FE0 C:\Documents and Settings\Lukasz\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 02ABFDE0 C:\Documents and Settings\Lukasz\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 02AC10C0 C:\Documents and Settings\Lukasz\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 02ABFF40 C:\Documents and Settings\Lukasz\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2784] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Internet Explorer\iexplore.exe[2784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----