GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-10 16:59:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5 SAMSUNG_HD642JJ rev.1AA01108 596,17GB
Running: nmq5rw0k.exe; Driver: C:\Users\gr3nade\AppData\Local\Temp\ugldqpog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff800031bc000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575  fffff800031bc02f 16 bytes [00, 30, 1B, 0E, 06, 80, FA, ...]

---- User code sections - GMER 2.1 ----

.text  D:\#Programy\ESET\x86\ekrn.exe[1456] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000076c28769 4 bytes [C2, 04, 00, 00]
.text  D:\#Programy\ESET\x86\ekrn.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  0000000074d91465 2 bytes [D9, 74]
.text  D:\#Programy\ESET\x86\ekrn.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  0000000074d914bb 2 bytes [D9, 74]
.text  ...  * 2
.text  C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[1336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000074d91465 2 bytes [D9, 74]
.text  C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[1336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074d914bb 2 bytes [D9, 74]
.text  ...  * 2
.text  C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2976] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000076c28769 5 bytes [33, C0, C2, 04, 00]
.text  C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000074d91465 2 bytes [D9, 74]
.text  C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074d914bb 2 bytes [D9, 74]
.text  ...  * 2
.text  C:\Users\gr3nade\AppData\Roaming\Dropbox\bin\Dropbox.exe[2992] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69  0000000074d91465 2 bytes [D9, 74]
.text  C:\Users\gr3nade\AppData\Roaming\Dropbox\bin\Dropbox.exe[2992] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155  0000000074d914bb 2 bytes [D9, 74]
.text  ...  * 2
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000074d91465 2 bytes [D9, 74]
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074d914bb 2 bytes [D9, 74]
.text  ...  * 2
.text  D:\#Programy\LogMeIn Hamachi\hamachi-2-ui.exe[2232] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69  0000000074d91465 2 bytes [D9, 74]
.text  D:\#Programy\LogMeIn Hamachi\hamachi-2-ui.exe[2232] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155  0000000074d914bb 2 bytes [D9, 74]
.text  ...  * 2
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000074d91465 2 bytes [D9, 74]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074d914bb 2 bytes [D9, 74]
.text  ...  * 2
?      C:\Windows\system32\mssprxy.dll [3216] entry point in ".rdata" section 0000000073e371e6
.text  C:\Users\gr3nade\AppData\Roaming\uTorrent\uTorrent.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000074d91465 2 bytes [D9, 74]
.text  C:\Users\gr3nade\AppData\Roaming\uTorrent\uTorrent.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074d914bb 2 bytes [D9, 74]
.text  ...  * 2
.text  C:\Users\gr3nade\Desktop\OTL.exe[5724] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69  0000000074d91465 2 bytes [D9, 74]
.text  C:\Users\gr3nade\Desktop\OTL.exe[5724] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155  0000000074d914bb 2 bytes [D9, 74]
.text  ...  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2112:4840]  000007fefb522a7c
Thread  C:\Windows\System32\svchost.exe [3132:3824]  000007fee5b09688

---- Processes - GMER 2.1 ----

Library  C:\Users\gr3nade\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\gr3nade\AppData\Roaming\Dropbox\bin\Dropbox.exe [2992](2014-01-03 00:45:04)  0000000003ff0000
Library  C:\Users\gr3nade\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\gr3nade\AppData\Roaming\Dropbox\bin\Dropbox.exe [2992](2013-10-18 23:55:02)  000000006bd80000
Library  C:\Users\gr3nade\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\gr3nade\AppData\Roaming\Dropbox\bin\Dropbox.exe [2992] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)  0000000070350000

---- Files - GMER 2.1 ----

File  C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf (size mismatch) 136704/137168 bytes executable
File  C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf (size mismatch) 62618/67258 bytes executable
File  C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf (size mismatch) 253036/136800 bytes executable
File  C:\Users\gr3nade\AppData\Roaming\Microsoft\Windows\Cookies\2BJBRH1R.txt  0 bytes

---- EOF - GMER 2.1 ----
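The user-code section above reports the same 2-byte patch at the same psapi.dll!GetModuleInformation offsets and addresses in every 32-bit (syswow64) process GMER lists, with the module name spelled four different ways (psapi.dll, PSAPI.DLL, Psapi.dll, PsApi.dll). A patch that is byte-identical at an identical address across unrelated processes points to one component applied uniformly to each process, which is a different triage question from a patch unique to one process, and the log itself does not say which component that is. The script below is an added example, not part of the GMER output or of GMER itself: it parses a constructed subset of the entries above, normalizes module-name casing, and groups patches by (module, function, offset, address, bytes) so the shared ones stand out, and it separately collects the Prefetch size-mismatch entries. The regexes and all function names are this example's assumptions about GMER's line format; which of the two reported sizes is the on-disk one is not stated in the log, so they are kept as an ordered pair.

```python
"""Group identical in-process patches across processes in a GMER 2.1 log.

Added example, not GMER code. SAMPLE_LOG is constructed from entries in the
log above; the line-format regexes are assumptions about GMER's output.
"""
import re
from collections import defaultdict
from os.path import basename

# Constructed sample: a subset of the user-code and file entries from the log.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----

.text  D:\#Programy\ESET\x86\ekrn.exe[1456] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000076c28769 4 bytes [C2, 04, 00, 00]
.text  D:\#Programy\ESET\x86\ekrn.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  0000000074d91465 2 bytes [D9, 74]
.text  D:\#Programy\ESET\x86\ekrn.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  0000000074d914bb 2 bytes [D9, 74]
.text  ...  * 2
.text  C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2976] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000076c28769 5 bytes [33, C0, C2, 04, 00]
.text  C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000074d91465 2 bytes [D9, 74]
.text  C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074d914bb 2 bytes [D9, 74]
.text  ...  * 2
.text  C:\Users\gr3nade\AppData\Roaming\Dropbox\bin\Dropbox.exe[2992] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69  0000000074d91465 2 bytes [D9, 74]
.text  C:\Users\gr3nade\AppData\Roaming\Dropbox\bin\Dropbox.exe[2992] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155  0000000074d914bb 2 bytes [D9, 74]
.text  ...  * 2
.text  C:\Users\gr3nade\Desktop\OTL.exe[5724] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69  0000000074d91465 2 bytes [D9, 74]
.text  C:\Users\gr3nade\Desktop\OTL.exe[5724] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155  0000000074d914bb 2 bytes [D9, 74]
.text  ...  * 2

---- Files - GMER 2.1 ----

File  C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf (size mismatch) 136704/137168 bytes executable
File  C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf (size mismatch) 253036/136800 bytes executable
File  C:\Users\gr3nade\AppData\Roaming\Microsoft\Windows\Cookies\2BJBRH1R.txt  0 bytes
"""

# ".text <process>[pid] <module>!<function>[ + off]  <addr> <n> bytes [..]"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^!\s]+)!(?P<func>\S+)(?:\s+\+\s+(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<n>\d+) bytes\s+\[(?P<bytes>[^\]]*)\]"
)
# GMER collapses further similar entries for a process into ".text ... * N".
ELIDED_RE = re.compile(r"^\.text\s+\.\.\.\s+\*\s+(?P<n>\d+)\s*$")
# "File <path> (size mismatch) a/b bytes ..."; the log does not say which is on disk.
MISMATCH_RE = re.compile(
    r"^File\s+(?P<path>.+?)\s+\(size mismatch\)\s+(?P<size_a>\d+)/(?P<size_b>\d+) bytes"
)


def _leaf(win_path):
    """Last component of a Windows path, portable to non-Windows hosts."""
    return basename(win_path.replace("\\", "/"))


def parse_gmer(text):
    """Return hooks (list of dicts), elided counts, and size-mismatch triples."""
    hooks, elided, mismatches = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOOK_RE.match(line):
            hooks.append({
                "proc": _leaf(m["proc"]),
                "pid": int(m["pid"]),
                "mod": _leaf(m["mod"]).lower(),        # psapi.dll == PSAPI.DLL
                "func": m["func"],
                "off": int(m["off"]) if m["off"] else 0,
                "addr": m["addr"].lower(),
                "bytes": tuple(b.strip().upper() for b in m["bytes"].split(",")),
            })
        elif m := ELIDED_RE.match(line):
            elided.append(int(m["n"]))
        elif m := MISMATCH_RE.match(line):
            mismatches.append((m["path"], int(m["size_a"]), int(m["size_b"])))
    return {"hooks": hooks, "elided": elided, "mismatches": mismatches}


def shared_patches(hooks):
    """Patches (module, func, offset, addr, bytes) seen in more than one process."""
    by_patch = defaultdict(set)
    for h in hooks:
        by_patch[(h["mod"], h["func"], h["off"], h["addr"], h["bytes"])].add(h["proc"])
    return {k: sorted(p) for k, p in by_patch.items() if len(p) > 1}


def report(parsed):
    """Human-readable summary lines for the shared patches and file mismatches."""
    out = []
    for (mod, func, off, addr, bts), procs in sorted(shared_patches(parsed["hooks"]).items()):
        out.append(f"{mod}!{func}+{off} @ {addr} [{' '.join(bts)}] "
                   f"in {len(procs)} processes: {', '.join(procs)}")
    for path, a, b in parsed["mismatches"]:
        out.append(f"size mismatch {a}/{b}: {path}")
    return out


if __name__ == "__main__":
    print("\n".join(report(parse_gmer(SAMPLE_LOG))))
```

On this sample the psapi.dll entries collapse to two shared patches (offsets 69 and 155) present in all four processes, while the two kernel32.dll!SetUnhandledExceptionFilter patches do not group, because their bytes differ: ekrn.exe has C2 04 00 00 (x86 `ret 4`), PMB.exe has 33 C0 C2 04 00 (`xor eax, eax; ret 4`). Point the parser at a full log file instead of SAMPLE_LOG to triage a real scan; the grouping tells you what is uniform and what is process-specific, not which product installed it.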