GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-06 17:10:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LM0 rev.2AR1 465,76GB
Running: q0yn7n8l.exe; Driver: C:\Users\Szymon\AppData\Local\Temp\awrdipob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff800033a5000 45 bytes [00, 00, 10, 02, 4E, 74, 66, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575  fffff800033a502f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text  C:\Users\Szymon\Downloads\OTL.exe[5380] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 69   0000000077b61465 2 bytes [B6, 77]
.text  C:\Users\Szymon\Downloads\OTL.exe[5380] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 155  0000000077b614bb 2 bytes [B6, 77]
.text  ... * 2

---- Threads - GMER 2.1 ----

Thread  C:\windows\System32\svchost.exe [972:1148]   000007fefb0959a0
Thread  C:\windows\System32\svchost.exe [972:3408]   000007fef91e44e0
Thread  C:\windows\System32\svchost.exe [972:3364]   000007fefd1f1a70
Thread  C:\windows\System32\svchost.exe [972:2456]   000007fef33442c8
Thread  C:\windows\System32\svchost.exe [972:3452]   000007fef9cd5fd0
Thread  C:\windows\System32\svchost.exe [972:1172]   000007fef9cd63ec
Thread  C:\windows\System32\svchost.exe [972:4192]   000007fef95988f8
Thread  C:\windows\System32\svchost.exe [972:6128]   000007fefb9620c0
Thread  C:\windows\System32\svchost.exe [972:6108]   000007fefb9626a8
Thread  C:\windows\system32\svchost.exe [124:4060]   000007fef636506c
Thread  C:\windows\system32\svchost.exe [124:4068]   000007fef8c01c20
Thread  C:\windows\system32\svchost.exe [124:4072]   000007fef8c01c20
Thread  C:\windows\system32\svchost.exe [124:4432]   000007fef94d5124
Thread  C:\windows\system32\svchost.exe [124:3048]   000007fef7d84164
Thread  C:\windows\system32\svchost.exe [124:1236]   000007fef7591ab0
Thread  C:\windows\system32\svchost.exe [124:1404]   000007fef8e217f8

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b8030542d6b8
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971076042
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9710777da
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b8030542d6b8 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971076042 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca9710777da (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----