GMER 2.1.18952 - http://www.gmer.net
Rootkit scan 2013-02-16 12:25:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 298,09GB
Running: q29mozqi.exe; Driver: C:\Users\GARNCA~1\AppData\Local\Temp\pgloifob.sys

---- User code sections - GMER 2.1 ----

.text C:\windows\SysWOW64\svchost.exe[1976] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075121465 2 bytes [12, 75]
.text C:\windows\SysWOW64\svchost.exe[1976] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751214bb 2 bytes [12, 75]
.text ... * 2
.text C:\windows\SysWOW64\PnkBstrA.exe[2328] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000070311a22 2 bytes [31, 70]
.text C:\windows\SysWOW64\PnkBstrA.exe[2328] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000070311ad0 2 bytes [31, 70]
.text C:\windows\SysWOW64\PnkBstrA.exe[2328] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000070311b08 2 bytes [31, 70]
.text C:\windows\SysWOW64\PnkBstrA.exe[2328] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000070311bba 2 bytes [31, 70]
.text C:\windows\SysWOW64\PnkBstrA.exe[2328] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000070311bda 2 bytes [31, 70]
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2608] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075121465 2 bytes [12, 75]
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2608] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751214bb 2 bytes [12, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3212] C:\windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007702000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3212] C:\windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000770af85a 5 bytes JMP 000000017705d571
.text C:\Users\Garncarka\AppData\Local\Akamai\netsession_win.exe[3852] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075121465 2 bytes [12, 75]
.text C:\Users\Garncarka\AppData\Local\Akamai\netsession_win.exe[3852] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751214bb 2 bytes [12, 75]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654eb87
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f56e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619b294c4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619b294c4@0023d773abc6 0x14 0x90 0x4F 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619b294c4@a87b3995ca9f 0x2B 0x5A 0xFE 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619b294c4@002548e65f79 0x83 0x91 0xF9 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619b294c4@001e4cd5b121 0x36 0xEB 0x5A 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619b294c4@90cf1549ffee 0x43 0x91 0xD3 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x50 0x40 0x7A 0x8E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654eb87 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f56e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619b294c4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619b294c4@0023d773abc6 0x14 0x90 0x4F 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619b294c4@a87b3995ca9f 0x2B 0x5A 0xFE 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619b294c4@002548e65f79 0x83 0x91 0xF9 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619b294c4@001e4cd5b121 0x36 0xEB 0x5A 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619b294c4@90cf1549ffee 0x43 0x91 0xD3 0xE5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x50 0x40 0x7A 0x8E ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----