GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-30 12:17:03
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xF79BD4D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xF79BD520]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB6F2A6D0]
---- Kernel code sections - GMER 1.0.15 ----
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP100.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1072] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\87B7C76E.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1072] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\87B7C76E.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1072] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\87B7C76E.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\87B7C76E.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1324] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\87B7C76E.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1324] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\87B7C76E.x86.dll
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\87B7C76E.x86.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\87B7C76E.x86.dll
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\87B7C76E.x86.dll
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\87B7C76E.x86.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\Device\__max++>\87B7C76E.x86.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [1072] 0x35670000
Library \\?\globalroot\Device\__max++>\87B7C76E.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1284] 0x35670000
Library \\?\globalroot\Device\__max++>\87B7C76E.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1324] 0x35670000
Library \\?\globalroot\Device\__max++>\87B7C76E.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1440] 0x35670000
Library \\?\globalroot\Device\__max++>\87B7C76E.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1520] 0x35670000
Library \\?\globalroot\Device\__max++>\87B7C76E.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1616] 0x35670000
Library \\?\globalroot\Device\__max++>\87B7C76E.x86.dll (*** hidden *** ) @ C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe [1652] 0x35670000
Library \\?\globalroot\Device\__max++>\87B7C76E.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3848] 0x35670000
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
---- EOF - GMER 1.0.15 ----