GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-13 22:55:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS547575A9E384 rev.JE4OA60A 698,64GB
Running: r0s0xozc.exe; Driver: C:\Users\Wojtek\AppData\Local\Temp\ufdiqpow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528   fffff800031a2000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575   fffff800031a202f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076af1465 2 bytes [AF, 76]
.text  C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076af14bb 2 bytes [AF, 76]
.text  ...   * 2
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[464] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   0000000076ce8791 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000076af1465 2 bytes [AF, 76]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   0000000076af14bb 2 bytes [AF, 76]
.text  ...   * 2
.text  C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076af1465 2 bytes [AF, 76]
.text  C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076af14bb 2 bytes [AF, 76]
.text  ...   * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076af1465 2 bytes [AF, 76]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076af14bb 2 bytes [AF, 76]
.text  ...   * 2
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3172] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69   0000000076af1465 2 bytes [AF, 76]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3172] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155   0000000076af14bb 2 bytes [AF, 76]
.text  ...   * 2
.text  D:\Malwarebytes Anti-Malware\mbamscheduler.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076af1465 2 bytes [AF, 76]
.text  D:\Malwarebytes Anti-Malware\mbamscheduler.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076af14bb 2 bytes [AF, 76]
.text  ...   * 2
.text  D:\Malwarebytes Anti-Malware\mbam.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076af1465 2 bytes [AF, 76]
.text  D:\Malwarebytes Anti-Malware\mbam.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076af14bb 2 bytes [AF, 76]
.text  ...   * 2
?      C:\Windows\system32\mssprxy.dll [4592] entry point in ".rdata" section 0000000073bf71e6

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [2796:3496]   000007fefbd09688
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2588:4032]   000007fefbf22bf8

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\642737112642
Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch   87750
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\642737112642 (not active ControlSet)

---- EOF - GMER 2.1 ----
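Added example, not part of the GMER log above and not GMER's own tooling: a small Python parser for the "code sections" entries (the INITKDBG and .text lines) that groups identical patches by target, address and patched bytes. Run over the log it makes the structure of the user-mode findings visible: the two PSAPI.DLL!GetModuleInformation patches at 0000000076af1465 and 0000000076af14bb carry the same bytes [AF, 76] at the same address in every 32-bit process listed, which is what one modification of a shared DLL (or one hooking mechanism applied to every process) looks like, as opposed to something specific to a single process. The sample input is copied from the log above; the regular expressions assume the line layout shown here (section, optional image[pid], target, 16-hex-digit address, "N bytes [..]"), and the ".text ... * N" marker is only counted, since this example makes no assumption about how GMER chose what to collapse.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# One entry of a GMER "code sections" block, e.g.
#   .text  C:\...\mbam.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076af1465 2 bytes [AF, 76]
HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<where>.+?)\s+(?P<addr>[0-9a-fA-F]{16})\s+"
    r"(?P<size>\d+) bytes \[(?P<patch>[^\]]*)\]\s*$"
)
# User-mode entries carry "image[pid] target"; kernel entries carry only the target.
PROC_RE = re.compile(r"^(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<target>.+)$")
# GMER collapses runs of similar entries into ".text ... * N"; we only count these.
COLLAPSED_RE = re.compile(r"^(?P<section>\S+)\s+\.\.\.\s+\*\s+(?P<count>\d+)\s*$")


@dataclass(frozen=True)
class Hook:
    section: str
    image: Optional[str]    # None for kernel entries
    pid: Optional[int]
    target: str             # module!symbol [+ offset], as printed
    addr: int
    size: int
    patch: Tuple[str, ...]  # byte strings as printed; may end in "..."


@dataclass
class ParseResult:
    hooks: List[Hook] = field(default_factory=list)
    collapsed_markers: int = 0
    unparsed: List[str] = field(default_factory=list)


def parse_gmer(text: str) -> ParseResult:
    """Parse hook lines of a GMER log; section banners are skipped, anything else is kept in `unparsed`."""
    res = ParseResult()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if COLLAPSED_RE.match(line):
            res.collapsed_markers += 1
            continue
        m = HOOK_RE.match(line)
        if not m:
            res.unparsed.append(line)
            continue
        image, pid, target = None, None, m.group("where")
        p = PROC_RE.match(target)
        if p:
            image, pid, target = p.group("image"), int(p.group("pid")), p.group("target")
        patch = tuple(b.strip() for b in m.group("patch").split(","))
        res.hooks.append(Hook(m.group("section"), image, pid, target.strip(),
                              int(m.group("addr"), 16), int(m.group("size")), patch))
    return res


PatchKey = Tuple[str, int, Tuple[str, ...]]  # (target lower-cased, address, bytes)


def group_by_patch(hooks: List[Hook]) -> Dict[PatchKey, List[Hook]]:
    """Group entries that patch the same bytes at the same address of the same target.
    Windows paths are case-insensitive, so PSAPI.DLL and psapi.dll are one target."""
    groups: Dict[PatchKey, List[Hook]] = defaultdict(list)
    for h in hooks:
        groups[(h.target.lower(), h.addr, h.patch)].append(h)
    return dict(groups)


def shared_patches(hooks: List[Hook], min_procs: int = 2) -> List[Tuple[PatchKey, List[int]]]:
    """Patches reported from at least `min_procs` distinct processes, most widespread first."""
    out = []
    for key, entries in group_by_patch(hooks).items():
        pids = sorted({h.pid for h in entries if h.pid is not None})
        if len(pids) >= min_procs:
            out.append((key, pids))
    out.sort(key=lambda kv: (-len(kv[1]), kv[0][1]))
    return out


# Sample input: a subset of the entries from the log above, copied verbatim.
SAMPLE_LOG = r"""
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528   fffff800031a2000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575   fffff800031a202f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076af1465 2 bytes [AF, 76]
.text  C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076af14bb 2 bytes [AF, 76]
.text  ...   * 2
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[464] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   0000000076ce8791 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000076af1465 2 bytes [AF, 76]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   0000000076af14bb 2 bytes [AF, 76]
.text  ...   * 2
.text  D:\Malwarebytes Anti-Malware\mbam.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076af1465 2 bytes [AF, 76]
.text  D:\Malwarebytes Anti-Malware\mbam.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076af14bb 2 bytes [AF, 76]
.text  ...   * 2
?      C:\Windows\system32\mssprxy.dll [4592] entry point in ".rdata" section 0000000073bf71e6
"""

if __name__ == "__main__":
    result = parse_gmer(SAMPLE_LOG)
    print(f"{len(result.hooks)} hooks, {result.collapsed_markers} collapsed markers, {len(result.unparsed)} unparsed")
    for (target, addr, patch), pids in shared_patches(result.hooks):
        print(f"{addr:016x} {target} {list(patch)} in pids {pids}")
```

Reading the grouped output is the useful step: a patch that appears at one address with one byte pattern across every listed process is a single finding to attribute to whatever is modifying that DLL (a security product, a system-wide hook, or an altered image on disk), whereas a patch unique to one process, such as the kernel32.dll!SetUnhandledExceptionFilter entry seen only in ekrn.exe, needs to be attributed separately. The parser makes no judgement about whether any entry is malicious; that still has to come from checking the files and the software responsible.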