GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-31 17:08:51 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.03.0 698,64GB Running: i1btzsv8.exe; Driver: C:\Users\User\AppData\Local\Temp\kwrdrpog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035f5000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff800035f502e 17 bytes [44, 00, 30, 0B, 68, 06, 80, ...] ---- User code sections - GMER 2.1 ---- ? C:\windows\system32\mssprxy.dll [2304] entry point in ".rdata" section 00000000727b71e6 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c81465 2 bytes [C8, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2060] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c814bb 2 bytes [C8, 75] .text ... * 2 .text C:\Program Files (x86)\Winamp\winamp.exe[1960] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c81465 2 bytes [C8, 75] .text C:\Program Files (x86)\Winamp\winamp.exe[1960] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c814bb 2 bytes [C8, 75] .text ... * 2 .text C:\Users\User\Downloads\OTL(2).exe[1252] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000075c81465 2 bytes [C8, 75] .text C:\Users\User\Downloads\OTL(2).exe[1252] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000075c814bb 2 bytes [C8, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\windows\System32\svchost.exe [2088:2504] 000007fef7c09688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78e96854 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78e96854@0136052074f1 0x34 0x31 0xE0 0xB3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78e96854@101dc09192f7 0x1D 0x08 0x14 0xFD ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78e96854@0018e41f0cff 0xFB 0x67 0xCD 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78e96854@9439e5d590b6 0x41 0xAE 0x8A 0x07 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x06 0xBC 0x14 0x37 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78e96854 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78e96854@0136052074f1 0x34 0x31 0xE0 0xB3 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78e96854@101dc09192f7 0x1D 0x08 0x14 0xFD ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78e96854@0018e41f0cff 0xFB 0x67 0xCD 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78e96854@9439e5d590b6 0x41 0xAE 0x8A 0x07 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x06 0xBC 0x14 0x37 ... ---- EOF - GMER 2.1 ----