GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-10 17:49:13 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\0000005f ST3250310AS rev.4.AAA Running: 5qh5hbsw.exe; Driver: C:\DOCUME~1\-\USTAWI~1\Temp\ffgyapoc.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1888] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[3200] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3252] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[3468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01210C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3468] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01447B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3468] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01447B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3468] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 01213FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3468] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01447AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] USER32.dll!GetWindowLongW 7E3688A6 5 Bytes JMP 6301C5B5 C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] USER32.dll!GetWindowLongA 7E36945D 5 Bytes JMP 6301C531 C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes JMP 6301C65D C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] USER32.dll!GetWindowRect 7E3790B4 5 Bytes JMP 6301CE37 C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 6301CC22 C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] USER32.dll!MoveWindow 7E37B29E 5 Bytes JMP 6301CA17 C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 6301C455 C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 6301C4C3 C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] USER32.dll!GetWindowPlacement 7E3803C7 5 Bytes JMP 6301C804 C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4048] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 105CDF63 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4048] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 105CDEF2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4048] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10414536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4048] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 10414B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ExitThread] [63027225] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [63027199] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [63027199] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [63027199] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [63058606] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [630271C3] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63027199] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ExitThread] [63027225] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [04131850] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [04131890] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowLongA] [041315B0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowLongW] [041315E0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63058582] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [630272B1] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [630272D9] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [04131530] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [04131570] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [63027443] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [63027480] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DeferWindowPos] [041314A0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [63054634] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [63053938] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] [63027225] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [GDI32.dll!DeleteObject] [63058606] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [63027199] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExA] [630271C3] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TrackPopupMenuEx] [630272D9] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CreateWindowExW] [63027480] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] [04131850] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowLongW] [04131570] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetWindowLongW] [041315E0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DeferWindowPos] [041314A0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetSysColor] [63058582] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] [04131890] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetSysColorBrush] [63058639] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!FillRect] [63026FC0] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DrawFrameControl] [6301D3AB] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TrackPopupMenu] [630272B1] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CallWindowProcW] [63054634] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetScrollInfo] [04131750] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetWindowLongA] [041315B0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [63058606] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63027199] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [630271C3] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [63058582] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [63054634] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [63027443] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [04131890] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [63027480] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetWindowLongW] [041315E0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowLongW] [04131570] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) Device \Driver\usb_rndis \Device\{0883629E-DCF8-4C04-BD09-61FA4A4FD000} RNDISMP.SYS (Remote NDIS Miniport/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF9 0x46 0x4C 0xA9 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF9 0x46 0x4C 0xA9 ... ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\Temp\HTTAA9.tmp 921600 bytes ---- EOF - GMER 1.0.15 ----