March 19th, 2012, 06:21 PM
tamwood
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-18 01:05:40
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9A300 rev.FBEOC40C
Running: hmmwzjh2.exe; Driver: C:\Users\leigh\AppData\Local\Temp\pgtdrpod.sys


---- Kernel code sections - GMER 1.0.15 ----

C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xA91AF41C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xA91B0000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[3264] SHELL32.dll!InitNetworkAddressControl + 2939 7632006C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73EF8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F39855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73EFB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73EEFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73EF7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73EEEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73F2B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73EFBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73EF0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73EF06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73EE71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73F7D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73F17329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73EEE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73EE697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73EE69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73EF2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[3264] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [6708F563] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----