GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-04-27 15:29:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD1600JS-22MHB0 rev.02.01C03 149,05GB
Running: r77ln1ps.exe; Driver: C:\Users\user\AppData\Local\Temp\awlcaaob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ded000 5 bytes JMP fffff80102dec9a9
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 536 fffff80002ded008 63 bytes [60, B4, 0F, 00, 60, B4, 0F, ...]

---- User code sections - GMER 2.1 ----

.text D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075921465 2 bytes [92, 75]
.text D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759214bb 2 bytes [92, 75]
.text ... * 2
.text D:\Programy\Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 0000000075921465 2 bytes [92, 75]
.text D:\Programy\Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 00000000759214bb 2 bytes [92, 75]
.text ... * 2
.text C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075921465 2 bytes [92, 75]
.text C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759214bb 2 bytes [92, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075921465 2 bytes [92, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759214bb 2 bytes [92, 75]
.text ... * 2
.text D:\Programy\Malwarebytes Anti-Malware\mbam.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075921465 2 bytes [92, 75]
.text D:\Programy\Malwarebytes Anti-Malware\mbam.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759214bb 2 bytes [92, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [5192] entry point in ".rdata" section 0000000065d371e6

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0xE9 0x78 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0x3A 0xBB 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0xDA 0x37 0x38 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0xE9 0x78 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0x3A 0xBB 0x5D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0xDA 0x37 0x38 ...

---- EOF - GMER 2.1 ----