GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-08 21:41:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000LM014-1EJ164 rev.LVD1 931,51GB
Running: 3qz8492o.exe; Driver: C:\Users\User\AppData\Local\Temp\fxldrpow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003403000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000340302f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\Dwm.exe[2132] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce42db0 5 bytes JMP 000007fffce10180
.text C:\Windows\system32\Dwm.exe[2132] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce437d0 7 bytes JMP 000007fffce100d8
.text C:\Windows\system32\Dwm.exe[2132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce48ef0 6 bytes JMP 000007fffce10148
.text C:\Windows\system32\Dwm.exe[2132] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce5af60 5 bytes JMP 000007fffce10110
.text C:\Windows\system32\Dwm.exe[2132] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef689e0 8 bytes JMP 000007fffce101f0
.text C:\Windows\system32\Dwm.exe[2132] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef6be40 8 bytes JMP 000007fffce101b8
.text C:\Windows\system32\Dwm.exe[2132] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef637dc88 5 bytes JMP 000007fff63500d8
.text C:\Windows\system32\Dwm.exe[2132] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef637de10 5 bytes JMP 000007fff6350110
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
.text C:\Windows\SysWOW64\RunDll32.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Windows\SysWOW64\RunDll32.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c3e84dcbfec
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c3e84dcbfec@001167111487 0x72 0x8A 0x17 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2cd05af779ee
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b8763fa22338
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c3e84dcbfec (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c3e84dcbfec@001167111487 0x72 0x8A 0x17 0xED ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2cd05af779ee (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b8763fa22338 (not active ControlSet)

---- EOF - GMER 2.1 ----