GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-23 16:28:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: ju8q2v68.exe; Driver: C:\Users\aDi\AppData\Local\Temp\uxriapow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000075ed1465 2 bytes [ED, 75]
.text   C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000075ed14bb 2 bytes [ED, 75]
.text   ...   * 2
.text   C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69    0000000075ed1465 2 bytes [ED, 75]
.text   C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155   0000000075ed14bb 2 bytes [ED, 75]
.text   ...   * 2
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000075ed1465 2 bytes [ED, 75]
.text   C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000075ed14bb 2 bytes [ED, 75]
.text   ...   * 2
.text   C:\Users\aDi\Desktop\OTL.scr[5220] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69    0000000075ed1465 2 bytes [ED, 75]
.text   C:\Users\aDi\Desktop\OTL.scr[5220] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155   0000000075ed14bb 2 bytes [ED, 75]
.text   ...   * 2
.text   C:\Program Files (x86)\Notepad++\notepad++.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000075ed1465 2 bytes [ED, 75]
.text   C:\Program Files (x86)\Notepad++\notepad++.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000075ed14bb 2 bytes [ED, 75]
.text   ...   * 2

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68c6cb2f
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68c6cb2f@d82a7e31b9b6   0xA2 0x90 0x78 0x18 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68c6cb2f (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68c6cb2f@d82a7e31b9b6 (not active ControlSet)   0xA2 0x90 0x78 0x18 ...

---- Files - GMER 2.1 ----

File    C:\ProgramData\Microsoft\RAC\Temp\sql2791.tmp   20480 bytes
File    C:\ProgramData\Microsoft\RAC\Temp\sql27E0.tmp   20480 bytes
File    C:\Users\aDi\AppData\Local\Opera\Opera\cache\sesn\opr003HE.tmp   267 bytes

---- EOF - GMER 2.1 ----
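The "User code sections" block above reports the same two 2-byte patches in PSAPI.DLL!GetModuleInformation in every listed 32-bit process. A first triage question for such a log is whether a patch is per-process (one injected process) or identical system-wide, and whether the written bytes even look like a detour. The following script is an added example, not GMER's code and not posted by the log's author: it parses the ".text" hook lines (copied verbatim from the log above; the "* 2" continuation lines carry no new data and are skipped), groups identical patches across processes, and applies two assumed heuristics: whether the first patched byte is a common x86 control-transfer opcode, and whether the two patched bytes merely equal the high word of the hooked address. The regex assumes GMER 2.1's column layout as shown in this log.

```python
import re
from collections import defaultdict

# Hook lines copied from the "User code sections" part of the GMER log above.
GMER_LOG = r"""
.text  C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ed1465 2 bytes [ED, 75]
.text  C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ed14bb 2 bytes [ED, 75]
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075ed1465 2 bytes [ED, 75]
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075ed14bb 2 bytes [ED, 75]
.text  C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ed1465 2 bytes [ED, 75]
.text  C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ed14bb 2 bytes [ED, 75]
.text  C:\Users\aDi\Desktop\OTL.scr[5220] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000075ed1465 2 bytes [ED, 75]
.text  C:\Users\aDi\Desktop\OTL.scr[5220] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000075ed14bb 2 bytes [ED, 75]
.text  C:\Program Files (x86)\Notepad++\notepad++.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ed1465 2 bytes [ED, 75]
.text  C:\Program Files (x86)\Notepad++\notepad++.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ed14bb 2 bytes [ED, 75]
"""

# Assumed layout of a GMER 2.1 user-mode hook line:
#   .text <process path>[<pid>] <module>!<function> + <offset> <address> <n> bytes [<hex bytes>]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<func>\w+)\s*\+\s*(?P<offset>\d+)\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<size>\d+) bytes \[(?P<bytes>[^\]]*)\]\s*$"
)

# x86 opcodes that begin the usual inline-hook stubs: jmp rel32, jmp rel8,
# call rel32, push imm32 (push/ret trampolines), FF group (jmp/call indirect).
DETOUR_OPCODES = {0xE9, 0xEB, 0xE8, 0x68, 0xFF}


def parse_hooks(text):
    """Return one dict per ".text" hook line; other lines are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, "* 2" continuation lines
        hooks.append({
            "process": m["proc"],
            "pid": int(m["pid"]),
            "module": m["module"].lower(),  # PSAPI.DLL / Psapi.dll are the same file
            "function": m["func"],
            "offset": int(m["offset"]),
            "addr": int(m["addr"], 16),
            "patch": bytes.fromhex(m["bytes"].replace(",", "").replace(" ", "")),
        })
    return hooks


def group_by_patch(hooks):
    """Map each distinct (module, function, offset, address, bytes) to the PIDs showing it."""
    groups = defaultdict(set)
    for h in hooks:
        groups[(h["module"], h["function"], h["offset"], h["addr"], h["patch"])].add(h["pid"])
    return groups


def looks_like_detour(patch):
    """Heuristic: does the patch start with a control-transfer opcode?"""
    return len(patch) > 0 and patch[0] in DETOUR_OPCODES


def patch_matches_address_high_word(hook):
    """Heuristic for 2-byte patches: bytes equal the high 16 bits of the patched address
    (little-endian), i.e. they look like part of an address inside the same module."""
    if len(hook["patch"]) != 2:
        return False
    return int.from_bytes(hook["patch"], "little") == (hook["addr"] >> 16) & 0xFFFF


def triage(text):
    hooks = parse_hooks(text)
    pids = {h["pid"] for h in hooks}
    groups = group_by_patch(hooks)
    return {
        "processes": len(pids),
        "distinct_patches": len(groups),
        # identical patch in every hooked process: system-wide, not one injected target
        "in_every_process": [k for k, p in groups.items() if p == pids],
        # patch seen in exactly one process while others exist: worth a closer look
        "single_process": [k for k, p in groups.items() if len(p) == 1 and len(pids) > 1],
        "detour_like": [k for k in groups if looks_like_detour(k[4])],
    }


if __name__ == "__main__":
    result = triage(GMER_LOG)
    print(f"{result['processes']} processes, {result['distinct_patches']} distinct patches")
    for key in result["in_every_process"]:
        print("system-wide:", key[1], "+", key[2], hex(key[3]), key[4].hex())
    print("detour-like patches:", len(result["detour_like"]))
```

For this log the script reports two distinct patches, both present in all five processes, none starting with a jump/call/push opcode, and both 2-byte values equal to the high word (0x75ED) of the address they were written at. That is the opposite profile from a single process carrying a unique E9 detour, which is the pattern that would warrant pulling the process for closer inspection.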