GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-28 08:50:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000070 WDC_WD32 rev.01.0 298,09GB
Running: r1bj6xpv.exe; Driver: C:\Users\INTROL~1\AppData\Local\Temp\kfayipod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544   fffff800035ad000 45 bytes [43, 4D, 33, 31, 05, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591   fffff800035ad02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1696] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   00000000761f8769 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1696] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000075f61465 2 bytes [F6, 75]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1696] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   0000000075f614bb 2 bytes [F6, 75]
.text  ...   * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2648] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322   00000000725c1a22 2 bytes [5C, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2648] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496   00000000725c1ad0 2 bytes [5C, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2648] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552   00000000725c1b08 2 bytes [5C, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2648] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730   00000000725c1bba 2 bytes [5C, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2648] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762   00000000725c1bda 2 bytes [5C, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075f61465 2 bytes [F6, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000075f614bb 2 bytes [F6, 75]
.text  ...   * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1216:1624]   00000000760e7587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1216:1660]   000000007470758a
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1216:1732]   0000000077b62e65
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1216:1524]   0000000077b63e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1216:3016]   0000000077b63e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1216:5608]   0000000077b63e85
Thread  C:\Windows\System32\svchost.exe [4376:2948]   000007feec069688
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4468:4528]   000007fefb8e2a7c

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0   unknown MBR code

---- EOF - GMER 2.1 ----