GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-18 19:43:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: cow9f1jm.exe; Driver: C:\Users\ola\AppData\Local\Temp\uxriqpow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2324] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000770efa98 5 bytes JMP 0000000172ef19b0
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2324] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0028 5 bytes JMP 0000000172ef2066
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f91465 2 bytes [F9, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f914bb 2 bytes [F9, 75]
.text ... * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800187bd18] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2736:2828] 000007fefb3b2ab8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2736:1192] 000007fef11c5124

---- Files - GMER 2.1 ----

File C:\Program Files\Windows Defender\ar-SA\MpAsDesc.dll.mui 33792 bytes executable
File C:\Program Files\Windows Defender\ar-SA\MpEvMsg.dll.mui 14848 bytes executable
File C:\Program Files\Windows Defender\ar-SA\MsMpRes.dll.mui 46080 bytes executable
File C:\Program Files\Windows Defender\bg-BG\MpAsDesc.dll.mui 39424 bytes executable
File C:\Program Files\Windows Defender\bg-BG\MsMpRes.dll.mui 52736 bytes executable
File C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui 35328 bytes executable
File C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui 15360 bytes executable
File C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui 46592 bytes executable
File C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui 44544 bytes executable
File C:\Program Files\Windows Defender\fr-FR\MpEvMsg.dll.mui 18944 bytes executable
File C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui 56832 bytes executable
File C:\Program Files\Windows Defender\hr-HR\MpAsDesc.dll.mui 38912 bytes executable
File C:\Program Files\Windows Defender\hr-HR\MsMpRes.dll.mui 50176 bytes executable
File C:\Program Files\Windows Defender\pl-PL\MpAsDesc.dll.mui 41472 bytes executable
File C:\Program Files\Windows Defender\pl-PL\MpEvMsg.dll.mui 17920 bytes executable
File C:\Program Files\Windows Defender\pl-PL\MsMpRes.dll.mui 53248 bytes executable
File C:\Program Files\Windows Defender\ru-RU\MpAsDesc.dll.mui 39936 bytes executable
File C:\Program Files\Windows Defender\ru-RU\MpEvMsg.dll.mui 16384 bytes executable
File C:\Program Files\Windows Defender\ru-RU\MsMpRes.dll.mui 51200 bytes executable
File C:\Program Files\Windows Defender\sl-SI\MpAsDesc.dll.mui 38912 bytes executable
File C:\Program Files\Windows Defender\sl-SI\MsMpRes.dll.mui 51200 bytes executable
File C:\Program Files\Windows Defender\tr-TR\MpAsDesc.dll.mui 37888 bytes executable
File C:\Program Files\Windows Defender\tr-TR\MpEvMsg.dll.mui 15872 bytes executable
File C:\Program Files\Windows Defender\tr-TR\MsMpRes.dll.mui 50176 bytes executable

---- EOF - GMER 2.1 ----