GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-21 08:12:08 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e ST640LM001_HN-M640MBB rev.2AR10002 596,17GB Running: m57g1hli.exe; Driver: C:\Users\admin\AppData\Local\Temp\pxldypog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff960001dbe00 15 bytes [00, 8F, 0F, 02, 40, F0, 6F, ...] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff960001dbe10 11 bytes [00, DB, FB, FF, 80, C7, D2, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[4936] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd9212169a 4 bytes [12, 92, FD, 7F] .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[4936] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd921216a2 4 bytes [12, 92, FD, 7F] .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[4936] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd9212181a 4 bytes [12, 92, FD, 7F] .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[4936] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd92121832 4 bytes [12, 92, FD, 7F] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1084] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd7eba1f6a 4 bytes [BA, 7E, FD, 7F] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1084] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd7eba1f82 4 bytes [BA, 7E, FD, 7F] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6300] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffd9212169a 4 bytes [12, 92, FD, 7F] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6300] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffd921216a2 4 bytes [12, 92, FD, 7F] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6300] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffd9212181a 4 bytes [12, 92, FD, 7F] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[6300] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffd92121832 4 bytes [12, 92, FD, 7F] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6940] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd9212169a 4 bytes [12, 92, FD, 7F] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6940] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd921216a2 4 bytes [12, 92, FD, 7F] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6940] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd9212181a 4 bytes [12, 92, FD, 7F] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6940] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd92121832 4 bytes [12, 92, FD, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6824] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd9212169a 4 bytes [12, 92, FD, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6824] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd921216a2 4 bytes [12, 92, FD, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6824] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd9212181a 4 bytes [12, 92, FD, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6824] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd92121832 4 bytes [12, 92, FD, 7F] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [832:848] fffff960008154d0 Thread C:\WINDOWS\system32\svchost.exe [968:7892] 00007ffd831038e0 Thread C:\WINDOWS\system32\svchost.exe [968:12852] 00007ffd67bb1f3c Thread C:\WINDOWS\system32\svchost.exe [968:19020] 00007ffd80fd11b0 Thread C:\WINDOWS\system32\svchost.exe [1240:2340] 00007ffd87fcdff0 Thread C:\WINDOWS\system32\svchost.exe [1240:3036] 00007ffd87094b30 Thread C:\WINDOWS\system32\svchost.exe [1240:3444] 00007ffd87e75340 Thread C:\WINDOWS\System32\spoolsv.exe [1548:980] 00007ffd879912f8 Thread C:\WINDOWS\System32\spoolsv.exe [1548:2064] 00007ffd87973118 Thread C:\WINDOWS\System32\spoolsv.exe [1548:1504] 00007ffd89355b3c Thread C:\WINDOWS\System32\spoolsv.exe [1548:3536] 00007ffd88278140 Thread C:\WINDOWS\System32\spoolsv.exe [1548:4168] 00007ffd84e5d7b8 Thread C:\WINDOWS\system32\svchost.exe [2600:2680] 00007ffd879912f8 Thread C:\WINDOWS\system32\svchost.exe [2600:2684] 00007ffd87973118 Thread C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1601.1018_x64__8wekyb3d8bbwe\onenoteim.exe [8808:184] 00007ffd91998530 Thread C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1601.1018_x64__8wekyb3d8bbwe\onenoteim.exe [8808:100] 00007ffd8daf0b0c Thread C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1601.1018_x64__8wekyb3d8bbwe\onenoteim.exe [8808:196] 00007ffd72be5130 Thread C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1601.1018_x64__8wekyb3d8bbwe\onenoteim.exe [8808:4840] 00007ffd890c80ac Thread C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1601.1018_x64__8wekyb3d8bbwe\onenoteim.exe [8808:3896] 00007ffd91998530 Thread C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1601.1018_x64__8wekyb3d8bbwe\onenoteim.exe [8808:8316] 00007ffd8c7757e8 Thread C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1601.1018_x64__8wekyb3d8bbwe\onenoteim.exe [8808:8336] 00007ffd72cf9ac8 Thread C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1601.1018_x64__8wekyb3d8bbwe\onenoteim.exe [8808:6888] 00007ffd72cf9ac8 Thread C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1601.1018_x64__8wekyb3d8bbwe\onenoteim.exe [8808:8776] 00007ffd72cf9ac8 Thread C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1601.1018_x64__8wekyb3d8bbwe\onenoteim.exe [8808:2696] 00007ffd72cf9ac8 Thread C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1601.1018_x64__8wekyb3d8bbwe\onenoteim.exe [8808:6872] 00007ffd8e1c65dc Thread C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1601.1018_x64__8wekyb3d8bbwe\onenoteim.exe [8808:2220] 00007ffd8c7757e8 Thread C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.1601.1018_x64__8wekyb3d8bbwe\onenoteim.exe [8808:17592] 00007ffd8f7e1b54 Thread C:\WINDOWS\system32\backgroundTaskHost.exe [11704:17152] 00007ffd91998530 Thread C:\WINDOWS\system32\backgroundTaskHost.exe [11704:9172] 00007ffd890c80ac Thread C:\WINDOWS\system32\backgroundTaskHost.exe [11704:10340] 00007ffd7c4c2840 Thread C:\WINDOWS\system32\backgroundTaskHost.exe [11704:19356] 00007ffd7c43fafc Thread C:\WINDOWS\system32\backgroundTaskHost.exe [11704:15548] 00007ffd7c43fafc Thread C:\WINDOWS\system32\backgroundTaskHost.exe [11704:13572] 00007ffd7c43fafc ---- EOF - GMER 2.1 ----