GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-11-10 22:26:25 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002b HGST_HTS545050A7E380 rev.GG2ZBD90 465,76GB Running: m57g1hli.exe; Driver: C:\Users\Iza\AppData\Local\Temp\fxryrpog.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\Explorer.EXE[1484] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb78cb169a 4 bytes [CB, 78, FB, 7F] .text C:\WINDOWS\Explorer.EXE[1484] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb78cb16a2 4 bytes [CB, 78, FB, 7F] .text C:\WINDOWS\Explorer.EXE[1484] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb78cb181a 4 bytes [CB, 78, FB, 7F] .text C:\WINDOWS\Explorer.EXE[1484] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb78cb1832 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2324] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb78cb169a 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2324] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb78cb16a2 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2324] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb78cb181a 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2324] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb78cb1832 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Windows Defender\MsMpEng.exe[2984] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffb78cb169a 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Windows Defender\MsMpEng.exe[2984] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffb78cb16a2 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Windows Defender\MsMpEng.exe[2984] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffb78cb181a 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Windows Defender\MsMpEng.exe[2984] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffb78cb1832 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4308] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffb63ee1f6a 4 bytes [EE, 63, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4308] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffb63ee1f82 4 bytes [EE, 63, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4308] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb78cb169a 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4308] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb78cb16a2 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4308] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb78cb181a 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4308] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb78cb1832 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4340] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffb78cb169a 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4340] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffb78cb16a2 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4340] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffb78cb181a 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4340] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffb78cb1832 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffb63ee1f6a 4 bytes [EE, 63, FB, 7F] .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffb63ee1f82 4 bytes [EE, 63, FB, 7F] .text C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowse64.exe[4992] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb78cb169a 4 bytes [CB, 78, FB, 7F] .text C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowse64.exe[4992] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb78cb16a2 4 bytes [CB, 78, FB, 7F] .text C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowse64.exe[4992] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb78cb181a 4 bytes [CB, 78, FB, 7F] .text C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowse64.exe[4992] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb78cb1832 4 bytes [CB, 78, FB, 7F] .text C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe[2540] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb78cb169a 4 bytes [CB, 78, FB, 7F] .text C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe[2540] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb78cb16a2 4 bytes [CB, 78, FB, 7F] .text C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe[2540] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb78cb181a 4 bytes [CB, 78, FB, 7F] .text C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe[2540] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb78cb1832 4 bytes [CB, 78, FB, 7F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2164] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffb63ee1f6a 4 bytes [EE, 63, FB, 7F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2164] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffb63ee1f82 4 bytes [EE, 63, FB, 7F] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [484:516] fffff960008deb90 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----