GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-21 19:12:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 ATA_____ rev.040H 119,24GB
Running: xc5jfmsy.exe; Driver: D:\Temp\awdirpog.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1972]  C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000760a8769 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1972]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  00000000774e1465 2 bytes [4E, 77]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1972]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000774e14bb 2 bytes [4E, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Glary Utilities 3\Integrator.exe[2272]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000774e1465 2 bytes [4E, 77]
.text  C:\Program Files (x86)\Glary Utilities 3\Integrator.exe[2272]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000774e14bb 2 bytes [4E, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Steam\Steam.exe[2344]  C:\Windows\syswow64\KERNELBASE.dll!HeapCreate  000000007648549c 5 bytes JMP 00000001000f0800
.text  C:\Program Files (x86)\Steam\Steam.exe[2344]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  00000000774e1465 2 bytes [4E, 77]
.text  C:\Program Files (x86)\Steam\Steam.exe[2344]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000774e14bb 2 bytes [4E, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[2384]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000774e1465 2 bytes [4E, 77]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[2384]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000774e14bb 2 bytes [4E, 77]
.text  ...  * 2

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x23 0xC7 0xCF 0xF5 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0xAB 0x71 0x59 0x17 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x7F 0xC5 0xD3 0x2D ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x23 0xC7 0xCF 0xF5 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0xAB 0x71 0x59 0x17 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x7F 0xC5 0xD3 0x2D ...

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- Files - GMER 2.1 ----

File  C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb  0 bytes

---- EOF - GMER 2.1 ----