GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-14 15:59:48 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB Running: tyieh2ug.exe; Driver: C:\Users\mat\AppData\Local\Temp\uxrirpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037b1000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff800037b1011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f} ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\taskhost.exe [1380:3984] 000007fef8d85170 Thread [1448:1596] 0000000076e17587 Thread [1448:1628] 000000007377c59c Thread [1448:1912] 000000007377c59c Thread [1448:1916] 000000007377c59c Thread [1448:1920] 000000007377c59c Thread [1448:1940] 00000000736832fb Thread [1448:1964] 0000000077282e65 Thread [1448:1284] 0000000077283e85 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3208:3508] 0000000074216358 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3208:3516] 0000000073f1f71d Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3208:3524] 0000000073f1f71d Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3208:3528] 0000000073f15b1a Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3208:3560] 00000000741c0b14 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3812:3552] 000007fefb262a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3812:3536] 000007feeed8d618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3812:4948] 000007fefa665124 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0x79 0x83 0xE2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCA 0x93 0xA1 0x03 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0x79 0x83 0xE2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCA 0x93 0xA1 0x03 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\Users\mat\AppData\Local\Mozilla\Firefox\Profiles\pkpts2ka.default\Cache\E\35\418D0d01 479232 bytes ---- EOF - GMER 2.1 ----