GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-15 23:05:57
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 ST3500320AS rev.SD15 465,76GB
Running: e0b0slz4.exe; Driver: C:\Users\SOBI1_~1\AppData\Local\Temp\pxloypod.sys

---- User code sections - GMER 2.0 ----

.text C:\Windows\system32\atiesrxx.exe[852] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f882d7177a 4 bytes [D7, 82, F8, 07]
.text C:\Windows\system32\atiesrxx.exe[852] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f882d71782 4 bytes [D7, 82, F8, 07]
.text C:\Windows\system32\atieclxx.exe[408] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f882d7177a 4 bytes [D7, 82, F8, 07]
.text C:\Windows\system32\atieclxx.exe[408] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f882d71782 4 bytes [D7, 82, F8, 07]
.text C:\Windows\system32\atieclxx.exe[408] C:\Windows\system32\WSOCK32.dll!recvfrom + 742 000007f87f7f1b32 4 bytes [7F, 7F, F8, 07]
.text C:\Windows\system32\atieclxx.exe[408] C:\Windows\system32\WSOCK32.dll!recvfrom + 750 000007f87f7f1b3a 4 bytes [7F, 7F, F8, 07]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1736] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007f882d7177a 4 bytes [D7, 82, F8, 07]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1736] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007f882d71782 4 bytes [D7, 82, F8, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f87f7f1b32 4 bytes [7F, 7F, F8, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f87f7f1b3a 4 bytes [7F, 7F, F8, 07]

---- Threads - GMER 2.0 ----

Thread C:\Windows\system32\csrss.exe [524:572] fffff960009745e8
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:3936] 000007f8828723a8
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:4076] 000007f884e81b90
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:2832] 000007f86a61af70
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:2988] 000007f86a0bb9cc
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:2888] 000007f86a0bb9cc
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:2912] 000007f86a0bb9cc
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:2564] 000007f86a0bb9cc
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:2972] 000007f868af6ac0
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:2868] 000007f8828723a8
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:644] 000007f868af6ac0
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:2748] 000007f868afb220
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:1376] 000007f878391c90
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:2416] 000007f878981130
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:2156] 000007f88487d13c
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:2148] 000007f881b45990
Thread D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700:2688] 000007f868af6ac0

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3456] 000007f872670000
Library ? (*** suspicious ***) @ D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3004] 000007f885160000
Library ? (*** suspicious ***) @ D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3700] 000007f870df0000

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 584067828

---- EOF - GMER 2.0 ----