GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-04-27 19:11:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAKX-001CA0 rev.15.01H15 465,76GB
Running: 7ohtgt8p.exe; Driver: C:\Users\Krystian\AppData\Local\Temp\axlcraob.sys

---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075a11401 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075a11419 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075a11431 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075a1144a 2 bytes [A1, 75]
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075a114dd 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075a114f5 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075a1150d 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075a11525 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075a1153d 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075a11555 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075a1156d 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075a11585 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075a1159d 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075a115b5 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075a115cd 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075a116b2 2 bytes [A1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075a116bd 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075a11401 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075a11419 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075a11431 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075a1144a 2 bytes [A1, 75]
.text ... * 9
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075a114dd 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075a114f5 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075a1150d 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075a11525 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075a1153d 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075a11555 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075a1156d 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075a11585 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075a1159d 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075a115b5 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075a115cd 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075a116b2 2 bytes [A1, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075a116bd 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000075a11401 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000075a11419 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 0000000075a11431 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 0000000075a1144a 2 bytes [A1, 75]
.text ... * 9
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 0000000075a114dd 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 0000000075a114f5 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 0000000075a1150d 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 0000000075a11525 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 0000000075a1153d 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 0000000075a11555 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 0000000075a1156d 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 0000000075a11585 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 0000000075a1159d 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 0000000075a115b5 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 0000000075a115cd 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 0000000075a116b2 2 bytes [A1, 75]
.text C:\Users\Krystian\Downloads\OTL.exe[3176] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 0000000075a116bd 2 bytes [A1, 75]

---- Threads - GMER 2.0 ----

Thread C:\Windows\system32\svchost.exe [368:3756] 000007fef8146848
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2696:1336] 000007fefbef2ab8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2696:2496] 000007fefa3b5124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2696:2440] 000007fef200d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2696:2444] 000007fef1ef0ea8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2696:2644] 000007fef1ef0ea8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2696:2408] 000007fef1ef0ea8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2696:1552] 000007fef1ef0ea8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2696:2028] 000007fef1ef0ea8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2696:2628] 000007fef1ef0ea8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2696:2280] 000007fef1fa9730
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2696:2304] 000007fef200d618

---- EOF - GMER 2.0 ----