GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-11 19:06:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM251JI rev.2SS00_03 232,89GB
Running: gmer.exe; Driver: C:\Users\admin\AppData\Local\Temp\pxldapoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Connectify\ConnectifyD.exe[2020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076011465 2 bytes [01, 76]
.text C:\Program Files (x86)\Connectify\ConnectifyD.exe[2020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760114bb 2 bytes [01, 76]
.text ... * 2
.text C:\Program Files (x86)\SafeIP\SafeIPs.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076011465 2 bytes [01, 76]
.text C:\Program Files (x86)\SafeIP\SafeIPs.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760114bb 2 bytes [01, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4468:3372] 000007fefc262a7c

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\
Reg HKLM\SYSTEM\CurrentControlSet\services\@Parameters\0\x202e\x2764 1052
Reg HKLM\SYSTEM\ControlSet003\services\ (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\@Parameters\0\x202e\x2764 1052
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BEC0AD49-6709-5F87-D846-8441F75871E0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BEC0AD49-6709-5F87-D846-8441F75871E0}@oapilddfgcecoeohhapenfmdoajaaj 0x69 0x61 0x65 0x6E ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----