GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-13 23:50:45 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3160316AS rev.JC4B 149,05GB Running: m57g1hli.exe; Driver: C:\Users\WandaS\AppData\Local\Temp\fxliipow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002dee000 45 bytes [00, 00, 0B, 00, 57, 33, 32, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002dee02f 29 bytes [00, 05, 0B, 08, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\AVG\AVG2012\avgfws.exe[1640] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076141465 2 bytes [14, 76] .text C:\Program Files (x86)\AVG\AVG2012\avgfws.exe[1640] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000761414bb 2 bytes [14, 76] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1192] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076141465 2 bytes [14, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1192] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000761414bb 2 bytes [14, 76] .text ... * 2 .text C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\fdhost.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076141465 2 bytes [14, 76] .text C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\fdhost.exe[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761414bb 2 bytes [14, 76] .text ... * 2 .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076141465 2 bytes [14, 76] .text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761414bb 2 bytes [14, 76] .text ... * 2 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4388] C:\Windows\syswow64\USER32.dll!GetMenu + 412 00000000749e51dd 7 bytes JMP 0000000110053ac0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4388] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 00000000749e610b 7 bytes JMP 0000000110053c10 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4388] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 00000000749ec6c1 7 bytes JMP 0000000110053bf0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4388] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 0000000074a2fc98 7 bytes JMP 0000000110053c60 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4388] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 0000000074a2fcd1 7 bytes JMP 0000000110053d30 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4388] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 0000000074a2fcf5 7 bytes JMP 0000000110053ce0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076141465 2 bytes [14, 76] .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761414bb 2 bytes [14, 76] .text ... * 2 .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076141465 2 bytes [14, 76] .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761414bb 2 bytes [14, 76] .text ... * 2 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076141465 2 bytes [14, 76] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761414bb 2 bytes [14, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076141465 2 bytes [14, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761414bb 2 bytes [14, 76] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4908] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076141465 2 bytes [14, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4908] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000761414bb 2 bytes [14, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076141465 2 bytes [14, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761414bb 2 bytes [14, 76] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076141465 2 bytes [14, 76] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761414bb 2 bytes [14, 76] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:1124] 0000000076ef2e25 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:1276] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:1284] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:1300] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:1292] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:1308] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:1340] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:1376] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:1484] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:1488] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2528] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2532] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2536] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2540] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2544] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2548] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2552] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2556] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2560] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2564] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2568] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2572] 0000000076ef3e45 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2576] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2636] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2640] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2644] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2740] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2752] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:3848] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:3856] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:3860] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:1776] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:3816] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2760] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:1220] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:568] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2164] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:1280] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:2712] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:5724] 0000000073d129e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SJOBESTIASQL\MSSQL\Binn\sqlservr.exe [2024:7076] 0000000076ef3e45 ---- EOF - GMER 2.1 ----