GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-13 23:08:53
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 TOSHIBA_MK6008GAH rev.BU022C 55,89GB
Running: qt5eg96b.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxlyraoc.sys

---- System - GMER 2.1 ----

SSDT F7B66A94 ZwClose
SSDT F7B66A4E ZwCreateKey
SSDT F7B66A9E ZwCreateSection
SSDT F7B66A44 ZwCreateThread
SSDT F7B66A53 ZwDeleteKey
SSDT F7B66A5D ZwDeleteValueKey
SSDT F7B66A8F ZwDuplicateObject
SSDT F7B66A62 ZwLoadKey
SSDT F7B66A30 ZwOpenProcess
SSDT F7B66A35 ZwOpenThread
SSDT F7B66AB7 ZwQueryValueKey
SSDT F7B66A6C ZwReplaceKey
SSDT F7B66AA8 ZwRequestWaitReplyPort
SSDT F7B66A67 ZwRestoreKey
SSDT F7B66AA3 ZwSetContextThread
SSDT F7B66AAD ZwSetSecurityObject
SSDT F7B66A58 ZwSetValueKey
SSDT F7B66AB2 ZwSystemDebugControl
SSDT F7B66A3F ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\SMINST\Scheduler.exe[1336] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 00418ED0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[1336] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 00418F40 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[1336] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 00418DC0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[1336] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 00418D10 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[1336] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 00418E90 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[1336] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 00418D50 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[1336] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 00418E00 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[1336] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 00418D80 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[1336] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 00418E40 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[1336] USER32.dll!EnableScrollBar 7E468005 7 Bytes JMP 00418CD0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\Program Files\Mozilla Firefox\firefox.exe[3776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0171F140 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3776] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01D3FDF5 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3776] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01D3FDD2 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3776] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01722942 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3776] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01D3FD53 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----