GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-31 12:13:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST332062 rev.3.AE 298,09GB
Running: gvxn932x.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kxrorpod.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1492] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000762187b1 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077691465 2 bytes [69, 77]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000776914bb 2 bytes [69, 77]
.text  ...  * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2092] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  0000000073541a22 2 bytes [54, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2092] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496  0000000073541ad0 2 bytes [54, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2092] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552  0000000073541b08 2 bytes [54, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2092] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730  0000000073541bba 2 bytes [54, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2092] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762  0000000073541bda 2 bytes [54, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077691465 2 bytes [69, 77]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000776914bb 2 bytes [69, 77]
.text  ...  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [1692:2564]  000007fef1369688

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1792] (GG drive overlay/GG Network S.A.)(2014-03-12 11:45:28)  000000005c080000
Library  C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\NetworkMeterv2.4.gadget\netlib.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [2676] (NIC Information .NET Wrapper/Jonathan Abbott)(2012-03-30 17:38:20)  0000000074270000
Process  C:\Users\Admin\AppData\Roaming\svchost.exe (*** suspicious ***) @ C:\Users\Admin\AppData\Roaming\svchost.exe [2860](2015-10-30 17:36:07)  0000000000400000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch  11743
Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch  6746
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x4B 0x60 0x37 0x57 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0xB0 0x2C 0x2E 0x74 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x75 0x10 0x7F 0xC4 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x4B 0x60 0x37 0x57 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0xB0 0x2C 0x2E 0x74 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x75 0x10 0x7F 0xC4 ...

---- EOF - GMER 2.1 ----
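Triage helper for a log in this layout, added here as an example and not part of GMER or of the log above. It parses the "User code sections" and "Processes" sections, decodes each byte difference GMER reports, and separates entries worth a second look from ones that are not: a 2-byte difference whose little-endian value equals the upper 16 bits of the reported address (the `[69, 77]` at `0x77691465` and `[54, 73]` at `0x73541a22` entries above) is what a relocated pointer into the same module looks like rather than injected code, and is classed as a probable relocation artifact; a `C2 imm16` at a function is decoded as `ret imm16`; an `E9 rel32` as a detour jump. For process entries it reports what GMER itself flagged and adds two heuristics of its own: a Windows system image name such as `svchost.exe` running from outside `C:\Windows`, and an image loaded from AppData, ProgramData or Temp. The sample lines are copied from the log above; the classification rules, the hard-coded `C:\Windows` root, the list of system image names and the directory markers are assumptions of this example, not anything GMER reports.

```python
import re

# Sample input: lines copied from the GMER log above (a representative subset,
# inter-field spacing normalised). Any GMER 2.1 log in the same layout will parse.
SAMPLE_LOG = r"""
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-31 12:13:32

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1492] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000762187b1 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077691465 2 bytes [69, 77]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2092] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  0000000073541a22 2 bytes [54, 73]
.text  ...  * 2

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1792] (GG drive overlay/GG Network S.A.)(2014-03-12 11:45:28)  000000005c080000
Process  C:\Users\Admin\AppData\Roaming\svchost.exe (*** suspicious ***) @ C:\Users\Admin\AppData\Roaming\svchost.exe [2860](2015-10-30 17:36:07)  0000000000400000

---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER")
PATCH_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<target>.+?)\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<size>\d+) bytes \[(?P<bytes>[^\]]*)\]\s*$"
)
REPEAT_RE = re.compile(r"^\.text\s+\.\.\.\s+\*\s+(?P<n>\d+)")   # ".text ... * N" = N collapsed repeats
PROCESS_RE = re.compile(
    r"^(?P<kind>Process|Library)\s+(?P<path>.+?)(?P<flag>\s+\(\*\*\* suspicious \*\*\*\))?"
    r"\s+@\s+(?P<host>.+?)\s*\[(?P<pid>\d+)\](?P<rest>.*)$"
)
TIMESTAMP_RE = re.compile(r"\((\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\)")

# Assumptions of this example: names malware commonly borrows, and where the real ones live.
SYSTEM_IMAGE_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "services.exe", "winlogon.exe"}
SYSTEM_ROOT = "c:\\windows\\"
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\")


def parse_bytes(text: str) -> bytes:
    """'C2, 04, 00, 00' -> b'\\xc2\\x04\\x00\\x00'."""
    return bytes(int(b, 16) for b in text.replace(",", " ").split())


def classify_patch(addr: int, patch: bytes) -> str:
    """Heuristic reading of a reported byte difference (assumption of this example)."""
    if len(patch) == 2 and int.from_bytes(patch, "little") == (addr >> 16) & 0xFFFF:
        # The two bytes are the high half of the patched address itself: a relocated
        # pointer into the same module, not code that was written over the function.
        return "relocation artifact (likely benign)"
    if patch[:1] == b"\xc2" and len(patch) >= 3:                 # C2 imm16 = ret imm16
        return f"inline patch: ret {int.from_bytes(patch[1:3], 'little'):#x} (function returns immediately)"
    if patch[:1] == b"\xe9" and len(patch) == 5:                 # E9 rel32 = jmp rel32
        rel = int.from_bytes(patch[1:5], "little", signed=True)
        return f"inline patch: jmp to {addr + 5 + rel:#x} (detour hook)"
    return "inline patch: unclassified"


def assess_process(path: str, gmer_flagged: bool) -> list:
    """Reasons to look at a Process/Library entry; empty list means nothing stood out."""
    reasons = ["flagged by GMER"] if gmer_flagged else []
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if name in SYSTEM_IMAGE_NAMES and not low.startswith(SYSTEM_ROOT):
        reasons.append(f"{name} running outside C:\\Windows (masquerading system image name)")
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("image in a user-writable data directory")
    return reasons


def analyze(log_text: str) -> dict:
    result = {"patches": [], "processes": [], "collapsed_repeats": 0, "unparsed": []}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section == "User code sections":
            if (m := REPEAT_RE.match(line)):
                result["collapsed_repeats"] += int(m.group("n"))
                continue
            if (m := PATCH_RE.match(line)):
                addr, patch = int(m.group("addr"), 16), parse_bytes(m.group("bytes"))
                result["patches"].append({"image": m.group("image"), "pid": int(m.group("pid")),
                                          "target": m.group("target"), "addr": addr, "bytes": patch,
                                          "classification": classify_patch(addr, patch)})
                continue
        elif section == "Processes":
            if (m := PROCESS_RE.match(line)):
                ts = TIMESTAMP_RE.search(m.group("rest"))
                result["processes"].append({"kind": m.group("kind"), "path": m.group("path"),
                                            "host": m.group("host"), "pid": int(m.group("pid")),
                                            "timestamp": ts.group(1) if ts else None,
                                            "reasons": assess_process(m.group("path"), m.group("flag") is not None)})
                continue
        if section not in (None, "EOF"):
            result["unparsed"].append(line)        # Threads/Registry lines and anything unexpected
    return result


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for p in report["patches"]:
        print(f"[pid {p['pid']}] {p['target']} @ {p['addr']:#x}: {p['classification']}")
    for p in report["processes"]:
        print(f"{p['kind']} {p['path']} (pid {p['pid']}, {p['timestamp']}): {'; '.join(p['reasons']) or 'nothing notable'}")
```

The entry that survives this triage is the one GMER already marked: a process called `svchost.exe` with an image timestamp from the day before the scan, running from `C:\Users\Admin\AppData\Roaming` instead of `C:\Windows\System32`. The Threads and Registry sections are left in `unparsed` on purpose; the `sptd` configuration keys are reported by GMER because the SPTD driver behind DAEMON Tools Lite hides them from the normal registry API, so they need the installed-software context rather than a line-level heuristic.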