GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-01-28 19:21:32
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 ST3500320AS rev.SD15 465,76GB
Running: uxe3e4rp.exe; Driver: C:\Users\SOBI1_~1\AppData\Local\Temp\pxloypod.sys

---- User code sections - GMER 2.0 ----

.text C:\Program Files\Windows Defender\MsMpEng.exe[1464] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007f9a3b4177a 4 bytes [B4, A3, F9, 07]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1464] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007f9a3b41782 4 bytes [B4, A3, F9, 07]
.text C:\Windows\system32\wbem\WmiApSrv.exe[3560] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9a3b4177a 4 bytes [B4, A3, F9, 07]
.text C:\Windows\system32\wbem\WmiApSrv.exe[3560] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9a3b41782 4 bytes [B4, A3, F9, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4760] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f9975d1b32 4 bytes [5D, 97, F9, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4760] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f9975d1b3a 4 bytes [5D, 97, F9, 07]
.text C:\Windows\system32\atiesrxx.exe[3312] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9a3b4177a 4 bytes [B4, A3, F9, 07]
.text C:\Windows\system32\atiesrxx.exe[3312] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9a3b41782 4 bytes [B4, A3, F9, 07]
.text C:\Windows\system32\atieclxx.exe[3808] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9a3b4177a 4 bytes [B4, A3, F9, 07]
.text C:\Windows\system32\atieclxx.exe[3808] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9a3b41782 4 bytes [B4, A3, F9, 07]

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\KERNEL32.dll[ntdll.dll!NtSetValueKey] [7f99c998700] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\KERNEL32.dll[ntdll.dll!NtSetInformationFile] [7f99c997e80] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\KERNEL32.dll[ntdll.dll!NtCreateFile] [7f99c997f10] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [7f99c997e80] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [7f99c997f10] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtSetValueKey] [7f99c998700] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtSetValueKey] [7f99c998700] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtCreateFile] [7f99c997f10] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [7f99c997e80] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtSetValueKey] [7f99c998700] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtCreateFile] [7f99c997f10] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtCreateFile] [7f99c997f10] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtSetInformationFile] [7f99c997e80] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\rsaenh.dll[ntdll.dll!NtCreateFile] [7f99c997f10] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4500] @ C:\Windows\system32\SETUPAPI.dll[ntdll.dll!NtSetInformationFile] [7f99c997e80] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\KERNEL32.dll[ntdll.dll!NtSetValueKey] [7f99c998700] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\KERNEL32.dll[ntdll.dll!NtSetInformationFile] [7f99c997e80] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\KERNEL32.dll[ntdll.dll!NtCreateFile] [7f99c997f10] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [7f99c997e80] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [7f99c997f10] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtSetValueKey] [7f99c998700] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtSetValueKey] [7f99c998700] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtCreateFile] [7f99c997f10] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [7f99c997e80] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtSetValueKey] [7f99c998700] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtCreateFile] [7f99c997f10] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtCreateFile] [7f99c997f10] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtSetInformationFile] [7f99c997e80] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\uxtheme.dll[USER32.dll!CallNextHookEx] [7f99c981750] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\uxtheme.dll[USER32.dll!SetWindowsHookExW] [7f99c9b1754] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\system32\SETUPAPI.dll[ntdll.dll!NtSetInformationFile] [7f99c997e80] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\System32\mshtml.dll[USER32.dll!SetWindowsHookExW] [7f99c9b1754] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\System32\mshtml.dll[USER32.dll!CallNextHookEx] [7f99c981750] C:\Windows\system32\apphelp.dll
IAT C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2792] @ C:\Windows\System32\mshtml.dll[ntdll.dll!NtCreateFile] [7f99c997f10] C:\Windows\system32\apphelp.dll

---- Threads - GMER 2.0 ----

Thread C:\Windows\system32\csrss.exe [544:2904] fffff960009035e8
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [1932:4044] 000007f9a271d13c
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [1932:4088] 000007f9a19a5990
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [1932:4104] 000007f9a228b364

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -984546055

---- EOF - GMER 2.0 ----