GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-01 00:48:20 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK1652GSX rev.LV011C 149,05GB Running: lfvzyfki.exe; Driver: C:\Users\Monia\AppData\Local\Temp\ugloypod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074ca8791 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077091401 2 bytes JMP 74ccb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077091419 2 bytes JMP 74ccb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077091431 2 bytes JMP 74d48ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007709144a 2 bytes CALL 74ca48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000770914dd 2 bytes JMP 74d487a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000770914f5 2 bytes JMP 74d48978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007709150d 2 bytes JMP 74d48698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077091525 2 bytes JMP 74d48a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007709153d 2 bytes JMP 74cbfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077091555 2 bytes JMP 74cc68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007709156d 2 bytes JMP 74d48f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077091585 2 bytes JMP 74d48ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007709159d 2 bytes JMP 74d4865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000770915b5 2 bytes JMP 74cbfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000770915cd 2 bytes JMP 74ccb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000770916b2 2 bytes JMP 74d48e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1676] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000770916bd 2 bytes JMP 74d485f1 C:\Windows\syswow64\kernel32.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00218687669b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00218687669b@a87b391ebb38 0xAE 0x22 0xB7 0xAB ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00218687669b@045a95efcfa6 0x98 0x66 0x73 0x44 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00218687669b@001b98215d46 0xBC 0x71 0xC9 0xAF ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00218687669b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00218687669b@a87b391ebb38 0xAE 0x22 0xB7 0xAB ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00218687669b@045a95efcfa6 0x98 0x66 0x73 0x44 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00218687669b@001b98215d46 0xBC 0x71 0xC9 0xAF ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4C 0x93 0x21 0xE2 ... ---- Files - GMER 2.1 ---- File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\850E98CA1684046DCDEDBDAE5163ABC8B886A5F5 1717 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\1822288E8E36D3E1117495B98A2152DE859DE6C7 1797 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\0D4B2CD9D84C548D08E3722C95F4DB9C8F9D14C7 735 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\73A5BD5DB4979046DA36E8B5683F87EDE8A4E919 20915 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\15992798DF828824616466D693DC307A883E7462 2745 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\B389A4B5A744EE05DF7CAFEE7725C11DA137A409 2749 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\0C9C6CE33AD0CE136EE557C3E48AE8F762B0A7E0 1716 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\5E72FDFB7EF5A2BC9B8D5650272A3E62F8C49EA0 841 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\1FC2098F676E548316E866A0A93879BE58FB0D7D 1281 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\B902E1CC64F8132F536654B8685F5FBCB2DA49D5 9134 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\C2934EAF7F527C032F4AD65EE9C7A443031A0B00 1081 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\45747197B40AFB113D6C370262421850FA971CDF 7091 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\7D32160EBA59AD24BDC88DCC3283A89995EF9E75 10421 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\50B69026582389BE71FEFA1196FE0BEECD31D3A9 889 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\4E3A8818AD91363FCBBCDA01096435958C929CF9 1716 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\5468668C9934A729C7B8987B3ECAF5F6843D53B0 9134 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\8150C725D5788911B6677A58B618D78BCA6A36DE 2564 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\6EB06E373DD8FED55225FC6468842C7EE7EB6C43 936 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\39FE9F7E6C64CCCFBEF00869F6272BD955C0E410 9134 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\2CC64CCEE6A265584934861D61DBDCF8E8D58C12 1753 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\92213D400FE2D32A9FB5F7E438907966A06F132B 2544 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\DBDB382CBEA9807A7FC81EB6D1263747956B0C84 779 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\578E2AB9036F39ADDB87942FD7833262B462787F 963 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\16A5FFDA6323EDFB6B7E19647FE22698B08C6E7D 9134 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\4323627C7BE6ABA6E29FEC6E26AC2EF57B2FCCF8 9134 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\F3851587E45C4A5EF3E5B4DCF13418B21AE536F1 9134 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\A1C16E3556C1B3DB486927091FD3791246A168D9 1113 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\380D34D05D99EDB8D956D6E1A5917F1A68BDDC98 9134 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\1C2F5D118109CD61EAAA4C3EE6208DF61A811E67 1104 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\22BE07DF80533803E1770CE35B806AAC3A97E646 890 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\2A6FF478DB55BF3B5BF989466CE8B5E3ACAC271F 9134 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\49B47A1EDB443A9C547199AF6E8E372189CEA3F5 9134 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\A53CB48189956707F8285B0A04C9B1C314BC39D0 785 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\3D1DE9FE65FB4BB72F570596C552C0BD11E06393 811 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\A2050603E0AF63CD8FF1DBE8C5AD57E782066DD4 981 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\E9AFDAC128ED411C3944F7D7ED322C4BB851EDFE 2871 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\6ADF99E8E639F7B0BC3AF74154FA7CAD33767459 7175 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\F4836E959E569D27AB99C13D53CB3C37C56FEB36 825 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\81D3CCA6F8BDDC9D5716865E8AA6F7237EEE645C 1716 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\741B0740BC5E51D08F40AC06A8754055AD7192E7 250838 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\39CC8AA9054EC6244CA281EEA4BD937517E2861D 18591 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\C2D9F7438BD98215220A11CE46528B718D95A77C 1025 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\569B786159FA12472C9A37A0E22D96D557177145 16433 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\A773F4396A4F817E151B635FE5A6D4295D266E58 897 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\FEE96C891F5F7EBBB11145690DD3BCF51C23FDB0 1126 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\2D4AD2E304BD5C68CC4F57A2D8F3591ED34FD77D 9134 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\2D712602DBB544DF92325EB040721B38B205E0A1 9134 bytes File C:\Users\Monia\AppData\Local\Mozilla\Firefox\Profiles\yfcpv1ez.default-1426161644519\cache2\entries\3097091C615432C7EB64D2FCF48F86018D8A81E7 1078 bytes ---- EOF - GMER 2.1 ----