GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-24 15:09:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB
Running: grvrnuuo.exe; Driver: C:\Users\lipen\AppData\Local\Temp\awddqkog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031f0000 45 bytes [00, 00, 09, 04, 56, 61, 64, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031f002f 17 bytes [00, A8, DD, EF, 7F, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\AVG\AVG2014\avgfws.exe[1772] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076d11465 2 bytes [D1, 76]
.text C:\Program Files (x86)\AVG\AVG2014\avgfws.exe[1772] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076d114bb 2 bytes [D1, 76]
.text ... * 2
.text D:\Amigabit Powerbooster\PowerboosterTray.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d11465 2 bytes [D1, 76]
.text D:\Amigabit Powerbooster\PowerboosterTray.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d114bb 2 bytes [D1, 76]
.text ... * 2
.text C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe[3268] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076d11465 2 bytes [D1, 76]
.text C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe[3268] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076d114bb 2 bytes [D1, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d11465 2 bytes [D1, 76]
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d114bb 2 bytes [D1, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d11465 2 bytes [D1, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d114bb 2 bytes [D1, 76]
.text ... * 2

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\winlogon.exe[912] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fef9fd2840] c:\windows\system32\uxtuneup.dll
IAT C:\Windows\system32\winlogon.exe[912] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile] [7fef9fd2720] c:\windows\system32\uxtuneup.dll
IAT C:\Windows\system32\svchost.exe[1208] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress] [7fef9fd2840] c:\windows\system32\uxtuneup.dll
IAT C:\Windows\system32\svchost.exe[1208] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!ReadFile] [7fef9fd2720] c:\windows\system32\uxtuneup.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\20689dc48669
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2cd05ad48e2c
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\20689dc48669 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2cd05ad48e2c (not active ControlSet)

---- EOF - GMER 2.1 ----