GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-04 18:16:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.51.0 931,51GB
Running: nxjuiy4g.exe; Driver: C:\Users\OCHRON~1\AppData\Local\Temp\uxliraob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\PnkBstrA.exe[2112] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322             0000000071ef1a22 2 bytes [EF, 71]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2112] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496             0000000071ef1ad0 2 bytes [EF, 71]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2112] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552             0000000071ef1b08 2 bytes [EF, 71]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2112] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730             0000000071ef1bba 2 bytes [EF, 71]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2112] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762             0000000071ef1bda 2 bytes [EF, 71]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000750d1465 2 bytes [0D, 75]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000750d14bb 2 bytes [0D, 75]
.text   ...                                                                                                   * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [4624:3576]                          000007fee9439688
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [240:3228]        000007fefb402a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [240:4648]        000007fee94dd618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [240:3548]        000007fef7b35124

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167000000
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167000000@78471d59bdcd                      0x4A 0x91 0x06 0x0B ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                            0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                            0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                         0x68 0xCA 0x7A 0x54 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                            C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                0xA9 0x46 0x68 0xB1 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12           0xFF 0x56 0x43 0x91 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167000000 (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167000000@78471d59bdcd                          0x4A 0x91 0x06 0x0B ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                             0x68 0xCA 0x7A 0x54 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xA9 0x46 0x68 0xB1 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12               0xFF 0x56 0x43 0x91 ...

---- EOF - GMER 2.1 ----
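A log like the one above is easier to triage once it is split into its sections and each entry is parsed into fields. The following Python is an added example written for this page; it is not GMER's own code and GMER publishes no such parser. It parses the "User code sections", "Threads" and "Registry" sections from a constructed sample made of lines copied from the log above, and applies one heuristic that is an assumption of this example rather than a GMER rule: when a reported 2-byte "patch" in a SysWOW64 process consists of the high word of the hooked address in little-endian order (here [EF, 71] at 0x71ef1a22 and [0D, 75] at 0x750d1465), the entry is the pattern GMER routinely reports for 32-bit processes on x64 Windows and is ranked as low priority instead of being treated as a confirmed inline hook. Registry entries are additionally tagged with the service name from the key path and with whether they sit in the active ControlSet, so that the sptd entries pointing at the DAEMON Tools Lite directory group together.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the entries from the GMER log above,
# one or two lines per section, enough to exercise each parser branch.
SAMPLE_LOG = r"""GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-04 18:16:48
Running: nxjuiy4g.exe; Driver: C:\Users\OCHRON~1\AppData\Local\Temp\uxliraob.sys

---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\PnkBstrA.exe[2112] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322   0000000071ef1a22 2 bytes [EF, 71]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2112] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496   0000000071ef1ad0 2 bytes [EF, 71]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000750d1465 2 bytes [0D, 75]
.text   ...   * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [4624:3576]   000007fee9439688
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [240:3228]   000007fefb402a7c

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0   C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC   (not active ControlSet)

---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>\S+)\[(?P<pid>\d+)\]\s+(?P<module>\S+)!(?P<func>\S+)"
    r"\s+\+\s+(?P<offset>\d+)\s+(?P<address>[0-9a-fA-F]{16})\s+(?P<size>\d+)\s+bytes"
    r"\s+\[(?P<bytes>[0-9A-Fa-f, ]+)\]$")
THREAD_RE = re.compile(
    r"^Thread\s+(?P<image>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<address>[0-9a-fA-F]{16})$")
REG_RE = re.compile(r"^Reg\s+(?P<path>\S+)(?:\s+(?P<data>.+?))?\s*$")
SERVICE_RE = re.compile(r"\\services\\([^\\]+)", re.IGNORECASE)


def is_wow64_pattern(address, patched):
    """Heuristic (an assumption of this example, not a GMER rule): a 2-byte 'patch'
    whose bytes are just the high word of the hooked address in little-endian order
    is the pattern GMER routinely reports for 32-bit (SysWOW64) processes on x64
    Windows. Rank it as low priority rather than as evidence of an inline hook."""
    high_word = (address >> 16) & 0xFFFF
    return patched == [high_word & 0xFF, high_word >> 8]


def parse_gmer(text):
    """Split a GMER log on its '---- <name> - GMER x.y ----' headers and parse the
    hook, thread and registry lines; anything unrecognised is kept in 'unparsed'."""
    out = {"header": [], "hooks": [], "threads": [], "registry": [], "unparsed": []}
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None:                      # lines before the first section
            out["header"].append(line)
            continue
        m = HOOK_RE.match(line) if section == "User code sections" else None
        if m:
            addr = int(m.group("address"), 16)
            patched = [int(b, 16) for b in m.group("bytes").split(",")]
            out["hooks"].append({
                "process": m.group("process"), "pid": int(m.group("pid")),
                "module": m.group("module").rsplit("\\", 1)[-1].lower(),
                "function": m.group("func"), "offset": int(m.group("offset")),
                "address": addr, "size": int(m.group("size")), "bytes": patched,
                "wow64_pattern": is_wow64_pattern(addr, patched)})
            continue
        m = THREAD_RE.match(line) if section == "Threads" else None
        if m:
            out["threads"].append({"image": m.group("image"), "pid": int(m.group("pid")),
                                   "tid": int(m.group("tid")),
                                   "address": int(m.group("address"), 16)})
            continue
        m = REG_RE.match(line) if section == "Registry" else None
        if m:
            key, _, value = m.group("path").partition("@")   # key@valuename
            data = m.group("data") or ""
            svc = SERVICE_RE.search(key)
            out["registry"].append({"key": key, "value": value or None, "data": data,
                                    "service": svc.group(1).lower() if svc else None,
                                    "active": "(not active ControlSet)" not in data})
            continue
        out["unparsed"].append(line)             # e.g. the elided '.text ... * 2' row
    return out


def summarize(parsed):
    """Roll the entries up into the view an analyst triages first."""
    return {
        "hooks_by_process_module": dict(Counter((h["process"], h["module"]) for h in parsed["hooks"])),
        "hooks_needing_review": [h for h in parsed["hooks"] if not h["wow64_pattern"]],
        "thread_images": sorted({t["image"] for t in parsed["threads"]}),
        "registry_services": sorted({r["service"] for r in parsed["registry"] if r["service"]}),
    }


if __name__ == "__main__":
    for name, value in summarize(parse_gmer(SAMPLE_LOG)).items():
        print(name, value)
```

Point parse_gmer at the full log text to get the same roll-up for every entry; the unparsed list is worth printing after any real run, since a line that fails to match usually means a section type this parser does not know about rather than noise.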