GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-03 11:19:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000074 ATA_____ rev.HPM1 465,76GB
Running: wliwpu0o.exe; Driver: C:\Users\MACIO\AppData\Local\Temp\pglirpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2148] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ff87b1 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2148] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075801465 2 bytes [80, 75]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2148] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000758014bb 2 bytes [80, 75]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2652] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 000000006f221a22 2 bytes [22, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2652] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 000000006f221ad0 2 bytes [22, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2652] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 000000006f221b08 2 bytes [22, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2652] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 000000006f221bba 2 bytes [22, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2652] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 000000006f221bda 2 bytes [22, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075801465 2 bytes [80, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758014bb 2 bytes [80, 75]
.text ... * 2
.text C:\Program Files (x86)\HP SimplePass\TouchControl.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075801465 2 bytes [80, 75]
.text C:\Program Files (x86)\HP SimplePass\TouchControl.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758014bb 2 bytes [80, 75]
.text ... * 2
.text C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe[4160] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075801465 2 bytes [80, 75]
.text C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe[4160] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000758014bb 2 bytes [80, 75]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075801465 2 bytes [80, 75]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758014bb 2 bytes [80, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075801465 2 bytes [80, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758014bb 2 bytes [80, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075801465 2 bytes [80, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758014bb 2 bytes [80, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075801465 2 bytes [80, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758014bb 2 bytes [80, 75]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289ee4f98
Reg HKLM\SYSTEM\CurrentControlSet\services\PDFSfilter\Parameters\{c249aef7-622e-11e1-9195-806e6f6e6963}@NumExtendFileExtentsSaved 541440
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 3853
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF0 0x4B 0x1B 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0x99 0x4B 0x91 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@d0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5A 0x5E 0x98 0x89 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289ee4f98 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF0 0x4B 0x1B 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0x99 0x4B 0x91 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5A 0x5E 0x98 0x89 ...

---- EOF - GMER 2.1 ----