GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-01-14 10:03:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LT0 rev.0001 465,76GB
Running: cuucp8fm.exe; Driver: C:\Users\Magda\AppData\Local\Temp\pfldypow.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075de1465 2 bytes [DE, 75]
.text  C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075de14bb 2 bytes [DE, 75]
.text  ...   * 2
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[1648] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69   0000000075de1465 2 bytes [DE, 75]
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[1648] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155  0000000075de14bb 2 bytes [DE, 75]
.text  ...   * 2
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075de1465 2 bytes [DE, 75]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075de14bb 2 bytes [DE, 75]
.text  ...   * 2
.text  C:\Windows\SysWOW64\RunDll32.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075de1465 2 bytes [DE, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075de14bb 2 bytes [DE, 75]
.text  ...   * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075de1465 2 bytes [DE, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075de14bb 2 bytes [DE, 75]
.text  ...   * 2
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075de1465 2 bytes [DE, 75]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075de14bb 2 bytes [DE, 75]
.text  ...   * 2
.text  C:\Program Files (x86)\3CXPhone\3CXPhone.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075de1465 2 bytes [DE, 75]
.text  C:\Program Files (x86)\3CXPhone\3CXPhone.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075de14bb 2 bytes [DE, 75]
.text  ...   * 2
.text  C:\Program Files (x86)\3CXPhone\3CXPhone.exe[6204] C:\Windows\SysWow64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195  0000000073671b41 2 bytes [67, 73]
.text  C:\Program Files (x86)\3CXPhone\3CXPhone.exe[6204] C:\Windows\SysWow64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362  0000000073671be8 2 bytes [67, 73]
.text  C:\Program Files (x86)\3CXPhone\3CXPhone.exe[6204] C:\Windows\SysWow64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418  0000000073671c20 2 bytes [67, 73]
.text  C:\Program Files (x86)\3CXPhone\3CXPhone.exe[6204] C:\Windows\SysWow64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596  0000000073671cd2 2 bytes [67, 73]
.text  C:\Program Files (x86)\3CXPhone\3CXPhone.exe[6204] C:\Windows\SysWow64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628  0000000073671cf2 2 bytes [67, 73]

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9a6cd10
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9a6cd10@ac81f38e0db2  0x77 0xE7 0x57 0x18 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9a6cd10@10683fb259d7  0x94 0x50 0xAC 0x42 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch  4692
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9a6cd10 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9a6cd10@ac81f38e0db2  0x77 0xE7 0x57 0x18 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9a6cd10@10683fb259d7  0x94 0x50 0xAC 0x42 ...

---- EOF - GMER 2.1 ----