GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-01 16:03:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST964032 rev.0001 596,17GB
Running: gmer.exe; Driver: C:\Users\Monika\AppData\Local\Temp\uxldapow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033fe000 63 bytes [00, 00, 0D, 02, 4B, 4C, 73, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624 fffff800033fe040 22 bytes [A8, 2F, 06, 0B, 80, FA, FF, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077191465 2 bytes [19, 77]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771914bb 2 bytes [19, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077191465 2 bytes [19, 77]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771914bb 2 bytes [19, 77]
.text ... * 2
.text C:\Windows\AsScrPro.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077191465 2 bytes [19, 77]
.text C:\Windows\AsScrPro.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771914bb 2 bytes [19, 77]
.text ... * 2
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077191465 2 bytes [19, 77]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771914bb 2 bytes [19, 77]
.text ... * 2
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077191465 2 bytes [19, 77]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771914bb 2 bytes [19, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077191465 2 bytes [19, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771914bb 2 bytes [19, 77]
.text ... * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800355bd18] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1E 0x6A 0x8E 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xBE 0x72 0x6B 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x33 0xE6 0x0A 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x8D 0x1D 0x62 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x06 0xD7 0xE7 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1E 0x6A 0x8E 0xE8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xBE 0x72 0x6B 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x33 0xE6 0x0A 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x8D 0x1D 0x62 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x06 0xD7 0xE7 0xA5 ...

---- Files - GMER 2.1 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes

---- EOF - GMER 2.1 ----
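The listing above is easier to triage once it is structured. The following parser and first-pass checks are an added example; they are not GMER's code and were not part of the original log. The field layout is assumed from this log (section banners of the form `---- <name> - GMER 2.1 ----`, patch lines `<section> <target>!<function> + <offset> <address> <n> bytes [...]`, and `IAT`, `Reg` and `File` lines); the regular expressions, function names and the "same bytes at the same address in every process" heuristic are mine, and the embedded sample is an excerpt of the log above with some processes and registry keys left out.

```python
"""Parse a GMER 2.1 text log and run first-pass triage checks.

Added example, not GMER's own code. Field layouts are inferred from the
log above; the sample below is an excerpt copied from it (shortened)."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-01 16:03:29
Running: gmer.exe; Driver: C:\Users\Monika\AppData\Local\Temp\uxldapow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033fe000 63 bytes [00, 00, 0D, 02, 4B, 4C, 73, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624 fffff800033fe040 22 bytes [A8, 2F, 06, 0B, 80, FA, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077191465 2 bytes [19, 77]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771914bb 2 bytes [19, 77]
.text ... * 2
.text C:\Windows\AsScrPro.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077191465 2 bytes [19, 77]
.text C:\Windows\AsScrPro.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771914bb 2 bytes [19, 77]
.text ... * 2
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800355bd18] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
---- Files - GMER 2.1 ----
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER 2\.1 ----$")
# "<section> <target>!<func> + <off> <addr> <n> bytes [..]"; <target> is a module
# for kernel entries and "<process>[<pid>] <module>" for user-mode entries.
PATCH_RE = re.compile(r"^(?P<section>\S+)\s+(?P<target>.+?)!(?P<func>\w+) \+ (?P<offset>\d+)\s+"
                      r"(?P<addr>[0-9a-fA-F]+)\s+(?P<n>\d+) bytes \[(?P<bytes>[^\]]*)\]$")
PROC_RE = re.compile(r"^(?P<process>.+)\[(?P<pid>\d+)\]\s+(?P<module>.+)$")
ELIDED_RE = re.compile(r"^\.text\s+\.\.\.\s+\* (?P<count>\d+)$")  # GMER's "... * N" marker
IAT_RE = re.compile(r"^IAT\s+(?P<image>[^\[]+)\[(?P<import>[^\]]+)\]\s+\[(?P<slot>[0-9a-fA-F]+)\]"
                    r"\s+(?P<resolved>\S+)(?:\s+\[(?P<flag>\w+)\])?$")
REG_RE = re.compile(r"^Reg\s+(?P<key>[^\s@]+)(?:@(?P<value>\S+))?(?:\s+(?P<data>.*))?$")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes(?:\s+(?P<kind>executable))?$")


def parse_entry(line):
    """Turn one non-banner line into a record dict keyed by 'kind'."""
    if (m := ELIDED_RE.match(line)):
        return {"kind": "elided", "count": int(m["count"])}
    if (m := PATCH_RE.match(line)):
        rec = {"kind": "patch", **m.groupdict(), "offset": int(m["offset"]), "n": int(m["n"])}
        pm = PROC_RE.match(rec["target"])
        rec["process"] = pm["process"] if pm else None
        rec["pid"] = int(pm["pid"]) if pm else None
        rec["module"] = pm["module"] if pm else rec["target"]
        return rec
    if (m := IAT_RE.match(line)):
        return {"kind": "iat", **m.groupdict()}
    if (m := REG_RE.match(line)):
        data = m["data"] or ""
        return {"kind": "reg", "key": m["key"], "value": m["value"], "data": data,
                "active": "(not active ControlSet)" not in data}
    if (m := FILE_RE.match(line)):
        return {"kind": "file", "path": m["path"], "size": int(m["size"]),
                "executable": m["kind"] == "executable"}
    return {"kind": "raw", "text": line}  # header lines and anything unrecognised


def parse_gmer(text):
    """Return {section name: [records]}; lines before the first banner go under 'Header'."""
    sections, current = defaultdict(list), "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            current = m[1]
            continue
        sections[current].append(parse_entry(line))
    return dict(sections)


def group_user_hooks(records):
    """Group user-mode patches by (module, func, offset, addr, bytes) -> processes.
    Heuristic: identical bytes at identical addresses in every process is the
    footprint of one system-wide hook, a different case from a single-process patch."""
    groups = defaultdict(set)
    for r in records.get("User code sections", []):
        if r["kind"] == "patch" and r["process"]:
            key = (r["module"], r["func"], r["offset"], r["addr"], r["bytes"])
            groups[key].add(f'{r["process"]}[{r["pid"]}]')
    return {k: sorted(v) for k, v in groups.items()}


def kernel_iat_hooks(records):
    """(image, hooked import, driver the slot now points to) for every IAT entry."""
    return [(r["image"], r["import"], r["resolved"])
            for r in records.get("Kernel IAT/EAT", []) if r["kind"] == "iat"]


def executables(records):
    """Paths GMER flagged as executable in the Files section."""
    return [r["path"] for r in records.get("Files", []) if r["kind"] == "file" and r["executable"]]


if __name__ == "__main__":
    recs = parse_gmer(SAMPLE_LOG)
    for (mod, func, off, addr, b), procs in group_user_hooks(recs).items():
        print(f"{mod}!{func}+{off} @ {addr} [{b}] in {len(procs)} process(es): {procs}")
    print("kernel IAT hooks:", kernel_iat_hooks(recs))
    print("executables under Files:", executables(recs))
```

Grouping the user-mode section shows what the repetition hides: every WoW64 process carries the same two-byte patch at the same two PSAPI.DLL addresses, which points to one system-wide hooking component rather than per-process tampering, and the win32k.sys IAT slot resolves to klif.sys, Kaspersky Lab's filter driver. Together with the sptd entries, whose p0 value names the Alcohol 52 install directory, these are findings to attribute to installed software before anything is treated as a rootkit. The parser is line-oriented, so a GMER log that has been flattened onto a few long lines must have its line breaks restored before it is fed in.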