GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-30 20:08:44
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000BPKT-00PK4T0 rev.01.01A01 465,76GB
Running: ig0x1uxv.exe; Driver: C:\Users\robert\AppData\Local\Temp\uwrdypob.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                   ZwNotifyChangeKey [0x922BD5D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                   ZwNotifyChangeMultipleKeys [0x922BD700]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                   ZwOpenProcess [0x922BD010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                   ZwSuspendProcess [0x922BD300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                   ZwSuspendThread [0x922BD3E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                   ZwTerminateProcess [0x922BD120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                   ZwTerminateThread [0x922BD210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                   ZwWriteVirtualMemory [0x922BD4D0]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                       82C85A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                         82CBF212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1357                            82CC66EC 8 Bytes  [D0, D5, 2B, 92, 00, D7, 2B, ...] {RCL CH, 0x1; SUB EDX, [EDX-0x6dd42900]}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 139F                            82CC6734 4 Bytes  [10, D0, 2B, 92]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 165F                            82CC69F4 8 Bytes  [00, D3, 2B, 92, E0, D3, 2B, ...] {ADD BL, DL; SUB EDX, [EDX-0x6dd42c20]}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F                            82CC6A04 8 Bytes  [20, D1, 2B, 92, 10, D2, 2B, ...] {AND CL, DL; SUB EDX, [EDX-0x6dd42df0]}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 16E3                            82CC6A78 4 Bytes  [D0, D4, 2B, 92]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[1860] shell32.DLL!RealDriveType + 173D  760EFE30 4 Bytes  [E5, 36, 42, 69]
.text           C:\Program Files\Internet Explorer\iexplore.exe[1860] shell32.DLL!RealDriveType + 1745  760EFE38 8 Bytes  [1B, 57, 42, 69, A7, 83, 43, ...]
.text           C:\Program Files\Internet Explorer\iexplore.exe[5132] shell32.DLL!RealDriveType + 173D  760EFE30 4 Bytes  [E5, 36, 42, 69]
.text           C:\Program Files\Internet Explorer\iexplore.exe[5132] shell32.DLL!RealDriveType + 1745  760EFE38 8 Bytes  [1B, 57, 42, 69, A7, 83, 43, ...]
.text           C:\Program Files\Internet Explorer\iexplore.exe[5652] shell32.DLL!RealDriveType + 173D  760EFE30 4 Bytes  [E5, 36, 42, 69]
.text           ...

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                        avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp                                        avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                      avgtdix.sys
AttachedDevice  \FileSystem\fastfat \Fat                                       fltmgr.sys

---- EOF - GMER 2.1 ----
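The report above is plain GMER text, so a triager usually wants it in a structured form before deciding which entries matter. The Python below is an added example, not part of the log and not code from GMER: it parses the four sections of a GMER 2.1 report (SSDT hooks, kernel and user code patches, attached devices) into records and then groups them by the driver or file that owns each finding. The embedded SAMPLE_LOG is a constructed, trimmed copy of entries taken from this log; the function names parse_gmer_log, summarize and _patch_fields are the example's own.

```python
"""Parse a GMER 2.1 text report into records a triager can group and diff."""
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of entries from the log above, in GMER's layout.
SAMPLE_LOG = r"""
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-30 20:08:44

---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenProcess [0x922BD010]
SSDT  \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwWriteVirtualMemory [0x922BD4D0]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D  82C85A15 1 Byte  [06]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1357  82CC66EC 8 Bytes  [D0, D5, 2B, 92, 00, D7, 2B, ...] {RCL CH, 0x1; SUB EDX, [EDX-0x6dd42900]}

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Internet Explorer\iexplore.exe[1860] shell32.DLL!RealDriveType + 173D  760EFE30 4 Bytes  [E5, 36, 42, 69]
.text  C:\Program Files\Internet Explorer\iexplore.exe[5132] shell32.DLL!RealDriveType + 173D  760EFE30 4 Bytes  [E5, 36, 42, 69]
.text  ...

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp  avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp  avgtdix.sys
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys

---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER 2\.1 ----$")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)\s+\[(0x[0-9A-Fa-f]+)\]")
# Shared tail of a code-section entry: module!symbol + offset, address, count, [bytes]; trailing disassembly is ignored.
PATCH_TAIL = r"(\S+!\w+)\s+\+\s+([0-9A-Fa-f]+)\s+([0-9A-Fa-f]{8})\s+(\d+)\s+Bytes?\s+\[([^\]]*)\]"
KCODE_RE = re.compile(r"^\.text\s+" + PATCH_TAIL)
UCODE_RE = re.compile(r"^\.text\s+(.+?)\[(\d+)\]\s+" + PATCH_TAIL)  # process path may contain spaces
DEVICE_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)$")


def _patch_fields(sym, off, addr, count, byte_field):
    # GMER prints at most the first bytes of a patch and marks the rest with "..."
    items = [b.strip() for b in byte_field.split(",") if b.strip()]
    return {"symbol": sym, "offset": int(off, 16), "address": int(addr, 16),
            "length": int(count),
            "bytes": bytes(int(b, 16) for b in items if b != "..."),
            "truncated": bool(items) and items[-1] == "..."}


def parse_gmer_log(text):
    """Return SSDT hooks, kernel/user code patches and attached devices, by section."""
    out = {"ssdt": [], "kernel_patches": [], "user_hooks": [], "devices": [], "unparsed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section is None:  # banner lines before the first section header
            continue
        elif section == "System" and (m := SSDT_RE.match(line)):
            path, func, addr = m.groups()
            out["ssdt"].append({"driver": path.rsplit("\\", 1)[-1], "function": func,
                                "address": int(addr, 16)})
        elif section == "Kernel code sections" and (m := KCODE_RE.match(line)):
            out["kernel_patches"].append(_patch_fields(*m.groups()))
        elif section == "User code sections" and (m := UCODE_RE.match(line)):
            proc, pid, *tail = m.groups()
            out["user_hooks"].append({**_patch_fields(*tail), "process": proc.strip(), "pid": int(pid)})
        elif section == "Devices" and (m := DEVICE_RE.match(line)):
            drv, dev, flt = m.groups()
            out["devices"].append({"driver": drv, "device": dev, "attached": flt})
        elif section != "EOF":
            out["unparsed"].append(line)  # e.g. the elided ".text ..." line
    return out


def summarize(parsed):
    """Group findings by owning driver so known products separate from anything unexpected."""
    ssdt, filters, user = defaultdict(list), defaultdict(list), defaultdict(set)
    for h in parsed["ssdt"]:
        ssdt[h["driver"]].append(h["function"])
    for d in parsed["devices"]:
        filters[d["attached"]].append(d["device"])
    for h in parsed["user_hooks"]:  # the same patch in N processes collapses to one key
        user[(h["symbol"], h["offset"], h["bytes"])].add(h["pid"])
    return {"ssdt_by_driver": {k: sorted(v) for k, v in ssdt.items()},
            "filters": {k: sorted(v) for k, v in filters.items()},
            "user_patches": {k: sorted(v) for k, v in user.items()},
            "kernel_patch_count": len(parsed["kernel_patches"])}


if __name__ == "__main__":
    from pprint import pprint
    pprint(summarize(parse_gmer_log(SAMPLE_LOG)))
```

Run against the full report, the grouping shows that every SSDT hook belongs to a single driver file (avgidsshimx.sys) and that the three TDI attachments on \Device\Tcp, \Device\Udp and \Device\RawIp come from avgtdix.sys, while the identical shell32.DLL patch in each iexplore.exe PID collapses to one finding. The parser records the "..." truncation separately from the byte count, so a patch reported as "8 Bytes" with seven bytes shown is not mistaken for a short patch. It deliberately does not decide whether a hook is legitimate; that call still needs the driver's signer and the vendor documentation for the product it belongs to.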