GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-01-05 20:39:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2 ST1000DM003-1CH162 rev.CC47 931,51GB Running: f0v2pegc.exe; Driver: C:\Users\ROBERT~1\AppData\Local\Temp\kglorpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076e69d0b 5 bytes JMP 000000011000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076e69d4e 5 bytes JMP 000000011000a630 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000730e451e 5 bytes JMP 000000011000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000730e4b6d 5 bytes JMP 000000011000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000730e4bf2 5 bytes JMP 000000011000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000730e4f0f 5 bytes JMP 000000011000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000730e4f7b 5 bytes JMP 000000011000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000730e9054 5 bytes JMP 000000011000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000730eadf9 5 bytes JMP 000000011000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000731052e8 5 bytes JMP 000000011000acd0 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007310535f 5 bytes JMP 000000011000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000731059cc 5 bytes JMP 000000011000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000073105a6a 5 bytes JMP 000000011000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000073105ad7 5 bytes JMP 000000011000af00 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000073105b5b 5 bytes JMP 000000011000af40 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000073105bba 5 bytes JMP 000000011000af80 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000073105bee 5 bytes JMP 000000011000b000 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000073105c22 5 bytes JMP 000000011000b060 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000073105c67 5 bytes JMP 000000011000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072cf7e3d 5 bytes JMP 000000011000a690 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000072d2de69 5 bytes JMP 000000011000a770 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000072d3d2c5 5 bytes JMP 000000011000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000072d3d371 5 bytes JMP 000000011000a990 .text C:\Windows\SysWOW64\HsMgr.exe[1128] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000072d3d429 5 bytes JMP 000000011000aa80 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveOutClose 000007fef6aa36ac 5 bytes JMP 000007fefe0a01f0 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fef6aa3770 5 bytes JMP 000007fefe0a0298 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fef6aa38d0 5 bytes JMP 000007fefe0a01b8 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fef6aa3ca4 5 bytes JMP 000007fefe0a0260 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fef6aa3d40 5 bytes JMP 000007fefe0a0228 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveInOpen 000007fef6aa7fe0 7 bytes JMP 000007fefe0a0378 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveOutReset 000007fef6aaa38c 5 bytes JMP 000007fefe0a02d0 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fef6ac49f0 5 bytes JMP 000007fefe0a0308 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fef6ac4ab0 5 bytes JMP 000007fefe0a0340 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveInClose 000007fef6ac52e0 5 bytes JMP 000007fefe0a03b0 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fef6ac53c0 5 bytes JMP 000007fefe0a0490 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fef6ac5454 5 bytes JMP 000007fefe0a04c8 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fef6ac5514 5 bytes JMP 000007fefe0a0500 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveInStart 000007fef6ac55a4 6 bytes JMP 000007fefe0a03e8 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveInStop 000007fef6ac55e4 6 bytes JMP 000007fefe0a0420 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveInReset 000007fef6ac5624 5 bytes JMP 000007fefe0a0458 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fef6ac567c 5 bytes JMP 000007fefe0a0538 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef6996944 7 bytes JMP 000007fefe0a0180 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007fef69b5a84 7 bytes JMP 000007fefe0a0148 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007fef69b5b90 7 bytes JMP 000007fefe0a0570 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007fef69b5c94 7 bytes JMP 000007fefe0a05a8 .text C:\Windows\system\HsMgr64.exe[1168] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007fef69b5da8 5 bytes JMP 000007fefe0a05e0 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076e69d0b 5 bytes JMP 000000011000a4d0 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076e69d4e 5 bytes JMP 000000011000a630 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000730e451e 5 bytes JMP 000000011000ab40 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000730e4b6d 5 bytes JMP 000000011000abb0 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000730e4bf2 5 bytes JMP 000000011000ac90 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000730e4f0f 5 bytes JMP 000000011000ac50 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000730e4f7b 5 bytes JMP 000000011000ac10 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000730e9054 5 bytes JMP 000000011000ad10 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000730eadf9 5 bytes JMP 000000011000abe0 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000731052e8 5 bytes JMP 000000011000acd0 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007310535f 5 bytes JMP 000000011000acf0 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000731059cc 5 bytes JMP 000000011000ae40 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000073105a6a 5 bytes JMP 000000011000aec0 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000073105ad7 5 bytes JMP 000000011000af00 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000073105b5b 5 bytes JMP 000000011000af40 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000073105bba 5 bytes JMP 000000011000af80 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000073105bee 5 bytes JMP 000000011000b000 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000073105c22 5 bytes JMP 000000011000b060 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000073105c67 5 bytes JMP 000000011000b0d0 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072cf7e3d 5 bytes JMP 000000011000a690 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000072d2de69 5 bytes JMP 000000011000a770 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000072d3d2c5 5 bytes JMP 000000011000a8a0 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000072d3d371 5 bytes JMP 000000011000a990 .text E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2404] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000072d3d429 5 bytes JMP 000000011000aa80 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076e69d0b 5 bytes JMP 000000011000a4d0 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076e69d4e 5 bytes JMP 000000011000a630 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000730e451e 5 bytes JMP 000000011000ab40 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000730e4b6d 5 bytes JMP 000000011000abb0 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000730e4bf2 5 bytes JMP 000000011000ac90 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000730e4f0f 5 bytes JMP 000000011000ac50 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000730e4f7b 5 bytes JMP 000000011000ac10 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000730e9054 5 bytes JMP 000000011000ad10 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000730eadf9 5 bytes JMP 000000011000abe0 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000731052e8 5 bytes JMP 000000011000acd0 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007310535f 5 bytes JMP 000000011000acf0 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000731059cc 5 bytes JMP 000000011000ae40 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000073105a6a 5 bytes JMP 000000011000aec0 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000073105ad7 5 bytes JMP 000000011000af00 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000073105b5b 5 bytes JMP 000000011000af40 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000073105bba 5 bytes JMP 000000011000af80 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000073105bee 5 bytes JMP 000000011000b000 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000073105c22 5 bytes JMP 000000011000b060 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000073105c67 5 bytes JMP 000000011000b0d0 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072cf7e3d 5 bytes JMP 000000011000a690 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000072d2de69 5 bytes JMP 000000011000a770 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000072d3d2c5 5 bytes JMP 000000011000a8a0 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000072d3d371 5 bytes JMP 000000011000a990 .text E:\Program Files (x86)\Tensons\Download Accelerator Manager\daman.exe[2716] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000072d3d429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076e69d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076e69d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000730e451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000730e4b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000730e4bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000730e4f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000730e4f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000730e9054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000730eadf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000731052e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007310535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000731059cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000073105a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000073105ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000073105b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000073105bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000073105bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000073105c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000073105c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000072cf7e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000072d2de69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000072d3d2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000072d3d371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2852] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000072d3d429 5 bytes JMP 000000011000aa80 .text C:\Users\Robert-PC\Downloads\OTL.exe[1388] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000077961465 2 bytes [96, 77] .text C:\Users\Robert-PC\Downloads\OTL.exe[1388] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000779614bb 2 bytes [96, 77] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010d3e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010d3c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010d4614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010d4a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010d486c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdePort4 fffffa80069c12c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80069c12c0 Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-5 fffffa80069c12c0 Device \Driver\atapi \Device\Ide\IdePort5 fffffa80069c12c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80069c12c0 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 fffffa80069c12c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80069c12c0 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 fffffa80069c12c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80069c12c0 Device \FileSystem\Ntfs \Ntfs fffffa80073392c0 Device \Driver\dtsoftbus01 \Device\00000064 fffffa8007bd62c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80081952c0 Device \Driver\cdrom \Device\CdRom0 fffffa800750f2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{900A234F-72DC-4B79-BB1E-B43F6C97FF2D} fffffa8007ea42c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80081952c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8007bd62c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80081952c0 Device \Driver\USBSTOR \Device\00000072 fffffa80086142c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007ea42c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80069c12c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80081952c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80069c12c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80069c12c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80069c12c0 Device \Driver\atapi \Device\ScsiPort4 fffffa80069c12c0 Device \Driver\atapi \Device\ScsiPort5 fffffa80069c12c0 Device \Driver\USBSTOR \Device\0000006e fffffa80086142c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80069c12c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa80069c12c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8007b4c060] fffffa8007b4c060 Trace 3 CLASSPNP.SYS[fffff88001ae643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800763f680] fffffa800763f680 Trace \Driver\atapi[0xfffffa80074e3d50] -> IRP_MJ_CREATE -> 0xfffffa80069c12c0 fffffa80069c12c0 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2496:4044] 000007fefbb92a7c Thread C:\Windows\SoftwareDistribution\Download\Install\NDP451-KB2858725-x86-x64-ENU.exe [4884:2216] 00000000779e2e65 Thread C:\Windows\SoftwareDistribution\Download\Install\NDP451-KB2858725-x86-x64-ENU.exe [4884:4724] 00000000779e3e85 Thread C:\Windows\SoftwareDistribution\Download\Install\NDP451-KB2858725-x86-x64-ENU.exe [4884:1840] 00000000779e3e85 Thread E:\56fddc4dc7b39032a4006a22273ad1\Setup.exe [3472:1760] 00000000779e2e65 Thread E:\56fddc4dc7b39032a4006a22273ad1\Setup.exe [3472:3712] 00000000779e3e85 Thread E:\56fddc4dc7b39032a4006a22273ad1\Setup.exe [3472:4148] 00000000779e3e85 Thread E:\56fddc4dc7b39032a4006a22273ad1\Setup.exe [3472:4164] 0000000076e4d864 Thread E:\56fddc4dc7b39032a4006a22273ad1\Setup.exe [3472:4612] 000000006273ba2d Thread E:\56fddc4dc7b39032a4006a22273ad1\Setup.exe [3472:4868] 000000006273ba2d Thread E:\56fddc4dc7b39032a4006a22273ad1\Setup.exe [3472:3692] 00000000779e3e85 Thread E:\56fddc4dc7b39032a4006a22273ad1\Setup.exe [3472:4416] 00000000759482a5 Thread E:\56fddc4dc7b39032a4006a22273ad1\Setup.exe [3472:4900] 00000000779e3e85 Thread E:\56fddc4dc7b39032a4006a22273ad1\Setup.exe [3472:4100] 00000000779e7151 Thread E:\56fddc4dc7b39032a4006a22273ad1\Setup.exe [3472:4660] 000000006cce7311 ---- Processes - GMER 2.1 ---- Library C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\9da5bb33cd1c34b7851c088f0cf749cc\mscorlib.ni.dll (*** suspicious ***) @ E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [1380] (Microsoft Common Language Runtime Class Library/Microsoft Corp(2014-01-05 18:45:09) 000007feef600000 Library C:\Windows\assembly\NativeImages_v4.0.30319_64\System\e3305bdbd03ef919051aa7f2783ac32a\System.ni.dll (*** suspicious ***) @ E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [1380] (.NET Framework/Microsoft Corporation)(2014-01-05 18:45:19) 000007feee960000 Library C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\9da5bb33cd1c34b7851c088f0cf749cc\mscorlib.ni.dll (*** suspicious ***) @ E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2000] (Microsoft Common Language Runtime Class Library/Microsoft Corp(2014-01-05 18:45:09) 000007feef600000 Library C:\Windows\assembly\NativeImages_v4.0.30319_64\System\e3305bdbd03ef919051aa7f2783ac32a\System.ni.dll (*** suspicious ***) @ E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2000] (.NET Framework/Microsoft Corporation)(2014-01-05 18:45:19) 000007feee960000 Library E:\56fddc4dc7b39032a4006a22273ad1\Setup.exe (*** suspicious ***) @ E:\56fddc4dc7b39032a4006a22273ad1\Setup.exe [3472] (Setup Installer/Microsoft Corporation SIGNED)(2013-09-12 04:21:54) 0000000001130000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0x8B 0x62 0xE9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEE 0x07 0x63 0x8A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0x8B 0x62 0xE9 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEE 0x07 0x63 0x8A ... ---- Files - GMER 2.1 ---- File C:\Users\Robert-PC\Downloads\Extras.Txt 46866 bytes ---- EOF - GMER 2.1 ----