GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-08 22:22:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000072 ATA_____ rev.3M__ 465,76GB Running: m4hxfzpq.exe; Driver: C:\Users\KARPOLA\AppData\Local\Temp\fxlirpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fbd000 63 bytes [00, 00, 15, 00, 46, 69, 6C, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff80002fbd042 4 bytes [00, 00, 00, 00] ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\wininit.exe[640] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\system32\winlogon.exe[704] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\system32\services.exe[748] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\system32\svchost.exe[876] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\System32\svchost.exe[568] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\System32\svchost.exe[892] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\system32\svchost.exe[344] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\system32\svchost.exe[1028] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files\IDT\WDM\STacSV64.exe[1072] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\system32\svchost.exe[1396] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\System32\spoolsv.exe[1688] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\system32\svchost.exe[1728] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000775fa2ba 1 byte [62] .text C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe[1892] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\system32\svchost.exe[1972] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2044] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000775fa2ba 1 byte [62] .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[1788] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2264] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\System32\rundll32.exe[2776] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\Explorer.EXE[3136] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\system32\taskhost.exe[3320] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Windows\System32\igfxtray.exe[3456] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Windows\System32\hkcmd.exe[3532] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Windows\System32\igfxpers.exe[3544] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3660] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3688] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000775fa2ba 1 byte [62] .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3736] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3752] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe[3784] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files\TOSHIBA\TECO\Teco.exe[3796] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files\TOSHIBA\TECO\TecoHook.exe[4076] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[2496] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\system32\SearchIndexer.exe[3632] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Windows\System32\StikyNot.exe[3776] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3768] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe[3524] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4064] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000775fa2ba 1 byte [62] .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2296] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe[4104] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4140] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000775d8769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4140] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000775fa2ba 1 byte [62] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe[4876] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[1356] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000775fa2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3308] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000775fa2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2864] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000775fa2ba 1 byte [62] .text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[1812] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[4944] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2404] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[5132] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\windows\notepad.exe[3176] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779feecd 1 byte [62] .text C:\Users\KARPOLA\Desktop\m4hxfzpq.exe[672] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000775fa2ba 1 byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\windows\system32\mfevtps.exe[1196] @ C:\windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f8ebba0] C:\windows\system32\mfevtps.exe ---- Threads - GMER 2.1 ---- Thread C:\windows\System32\svchost.exe [2060:2972] 000007fef5a09688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\a4db30f741f8 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\a4db30f741f8 (not active ControlSet) ---- EOF - GMER 2.1 ----