GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-22 21:12:41 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB Running: vr71jz2m.exe; Driver: C:\Users\Samsung\AppData\Local\Temp\pxrorfoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\windows\System32\win32k.sys!W32pServiceTable fffff96000194000 7 bytes [80, 93, F3, FF, 01, 9D, F0] .text C:\windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000194008 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.1 ---- .text C:\windows\SysWOW64\svchost.exe[1520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c71465 2 bytes [C7, 77] .text C:\windows\SysWOW64\svchost.exe[1520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c714bb 2 bytes [C7, 77] .text ... * 2 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1588] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000754a87b1 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1588] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077c71465 2 bytes [C7, 77] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1588] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000077c714bb 2 bytes [C7, 77] .text ... * 2 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1692] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c71465 2 bytes [C7, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1692] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c714bb 2 bytes [C7, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2824] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c71465 2 bytes [C7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2824] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c714bb 2 bytes [C7, 77] .text ... * 2 .text C:\Program Files (x86)\Anti-AD Guard 2.1 Pro\adguard.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c71465 2 bytes [C7, 77] .text C:\Program Files (x86)\Anti-AD Guard 2.1 Pro\adguard.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c714bb 2 bytes [C7, 77] .text ... * 2 .text C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe[3392] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c71465 2 bytes [C7, 77] .text C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe[3392] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c714bb 2 bytes [C7, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c71465 2 bytes [C7, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c714bb 2 bytes [C7, 77] .text ... * 2 .text C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe[1064] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c71465 2 bytes [C7, 77] .text C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe[1064] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c714bb 2 bytes [C7, 77] .text ... * 2 .text C:\windows\SysWOW64\RunDll32.exe[3968] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c71465 2 bytes [C7, 77] .text C:\windows\SysWOW64\RunDll32.exe[3968] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c714bb 2 bytes [C7, 77] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e1f0 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971071cd6 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca94433764 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df1ff857 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4D 0x10 0x90 0x14 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e1f0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971071cd6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca94433764 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df1ff857 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4D 0x10 0x90 0x14 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----