Tech Support Forum - View Single Post

Mechrobioticon · 06-28-2009, 08:29 AM

Wow that was fast.

Thank you. Seriously.

Anyway, here's the ark.txt:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-28 09:24:23
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

Code 84C95120 ZwEnumerateKey
Code 84C98120 ZwFlushInstructionCache
Code 84C8711E IofCallDriver
Code 84C6916E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 84C87123
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 84C69173
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 84C98124
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 84C95124

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[652] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0062000A
.text C:\Program Files\iPod\bin\iPodService.exe[688] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0070000A
.text C:\WINDOWS\system32\services.exe[696] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A000A
.text C:\WINDOWS\system32\lsass.exe[708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\Ati2evxx.exe[888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0096000A
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [ole32.dll!CoCreateInstance] 7FEF2B60
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [USER32.dll!GetMessageW] 7FEF1FCF
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [USER32.dll!PeekMessageW] 7FEF1F50
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 7FEF21C7
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] 7FEF2272
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 7FEF21C7
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 7FEF200D
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 7FEF1FCF
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 7FEF1F50
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 7FEF21C7
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 7FEF1F91
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 7FEF1FCF
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 7FEF1F0F
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 7FEF1F50
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 7FEF21C7
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 7FEF21C7
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 7FEF1F50
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 7FEF1FCF
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 7FEF200D
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 7FEF21C7
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\System32\SAMLIB.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 7FEF21C7
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 7FEF1F50
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 7FEF1FCF
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 7FEF200D
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 7FEF21C7
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] 7FEF2272
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 7FEF21C7
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 7FEF21C7
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 7FEF1F91
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 7FEF1FCF
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 7FEF1F0F
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 7FEF1F50
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 7FEF200D
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 7FEF1FCF
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 7FEF1F50
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 7FEF21C7
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 7FEF21C7
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 7FEF21F0
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 7FEF229E
IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1380] 0x02CB0000

---- EOF - GMER 1.0.15 ----

06-28-2009, 08:29 AM	#3 (permalink)
Mechrobioticon Registered User Join Date: Jun 2009 Posts: 5 OS: XP	Re: Overclick.cn Spyware Wow that was fast. Thank you. Seriously. Anyway, here's the ark.txt: GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-06-28 09:24:23 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- Code 84C95120 ZwEnumerateKey Code 84C98120 ZwFlushInstructionCache Code 84C8711E IofCallDriver Code 84C6916E IofCompleteRequest ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 84C87123 .text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 84C69173 PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 84C98124 PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 84C95124 ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\winlogon.exe[652] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0062000A .text C:\Program Files\iPod\bin\iPodService.exe[688] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0070000A .text C:\WINDOWS\system32\services.exe[696] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A000A .text C:\WINDOWS\system32\lsass.exe[708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065000A .text C:\WINDOWS\system32\Ati2evxx.exe[888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0096000A .text ... ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [ole32.dll!CoCreateInstance] 7FEF2B60 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [USER32.dll!GetMessageW] 7FEF1FCF IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\Explorer.EXE [USER32.dll!PeekMessageW] 7FEF1F50 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 7FEF21C7 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] 7FEF2272 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 7FEF21C7 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 7FEF200D IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 7FEF1FCF IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 7FEF1F50 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 7FEF21C7 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 7FEF1F91 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 7FEF1FCF IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 7FEF1F0F IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 7FEF1F50 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 7FEF21C7 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 7FEF21C7 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 7FEF1F50 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 7FEF1FCF IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 7FEF200D IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 7FEF21C7 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\System32\SAMLIB.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\WINDOWS\Explorer.EXE[1380] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 7FEF21C7 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 7FEF1F50 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 7FEF1FCF IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 7FEF200D IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 7FEF21C7 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] 7FEF2272 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 7FEF21C7 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 7FEF21C7 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 7FEF1F91 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 7FEF1FCF IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 7FEF1F0F IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 7FEF1F50 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 7FEF200D IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 7FEF1FCF IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 7FEF1F50 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 7FEF21C7 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 7FEF2050 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 7FEF21C7 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 7FEF20AA IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 7FEF2AA8 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 7FEF21F0 IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 7FEF229E IAT C:\Program Files\Last.fm\LastFM.exe[3112] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 7FEF29F0 ---- Processes - GMER 1.0.15 ---- Library C:\Program (* hidden * ) @ C:\WINDOWS\Explorer.EXE [1380] 0x02CB0000 ---- EOF - GMER 1.0.15 ----