GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-05 20:47:45
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 TOSHIBA_MQ01ABD100 rev.AX003M 931,51GB
Running: 4l99jj20.exe; Driver: C:\Users\Ewa\AppData\Local\Temp\awddipob.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\atiesrxx.exe[508] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffea54d169a 4 bytes [4D, A5, FE, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[508] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffea54d16a2 4 bytes [4D, A5, FE, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[508] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffea54d181a 4 bytes [4D, A5, FE, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[508] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffea54d1832 4 bytes [4D, A5, FE, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[1064] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffea54d169a 4 bytes [4D, A5, FE, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[1064] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffea54d16a2 4 bytes [4D, A5, FE, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[1064] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffea54d181a 4 bytes [4D, A5, FE, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[1064] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffea54d1832 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\BatBrowse\bin\BatBrowse.BrowserAdapter64.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffea54d169a 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\BatBrowse\bin\BatBrowse.BrowserAdapter64.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffea54d16a2 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\BatBrowse\bin\BatBrowse.BrowserAdapter64.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffea54d181a 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\BatBrowse\bin\BatBrowse.BrowserAdapter64.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffea54d1832 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\BatBrowse\bin\BatBrowse.PurBrowse64.exe[1552] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffea54d169a 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\BatBrowse\bin\BatBrowse.PurBrowse64.exe[1552] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffea54d16a2 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\BatBrowse\bin\BatBrowse.PurBrowse64.exe[1552] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffea54d181a 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\BatBrowse\bin\BatBrowse.PurBrowse64.exe[1552] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffea54d1832 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[5408] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffea54d169a 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[5408] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffea54d16a2 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[5408] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffea54d181a 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[5408] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffea54d1832 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1776] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffea54d169a 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1776] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffea54d16a2 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1776] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffea54d181a 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1776] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffea54d1832 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[6176] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffea54d169a 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[6176] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffea54d16a2 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[6176] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffea54d181a 4 bytes [4D, A5, FE, 7F]
.text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[6176] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffea54d1832 4 bytes [4D, A5, FE, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [804:828] fffff960008ceb90

---- Processes - GMER 2.1 ----

Process C:\Users\Ewa\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe (*** suspicious ***) @ C:\Users\Ewa\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe [4084] (FILE NOT FOUND) 0000000000280000
Process C:\Users\Ewa\AppData\Local\Torpedo\Torpedo.exe (*** suspicious ***) @ C:\Users\Ewa\AppData\Local\Torpedo\Torpedo.exe [1048] (Torpedo/Torpedo)(2014-12-01 18:54:18) 0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----