GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-11 22:44:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS547550A9E384 rev.JE3OA50A 465,76GB
Running: 7n9kx3td.exe; Driver: C:\Users\LAPTOP\AppData\Local\Temp\awrdapob.sys

---- User code sections - GMER 2.1 ----

.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076601465 2 bytes [60, 76]
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766014bb 2 bytes [60, 76]
.text ... * 2
.text C:\Users\LAPTOP\Desktop\OTL.exe[3488] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000076601465 2 bytes [60, 76]
.text C:\Users\LAPTOP\Desktop\OTL.exe[3488] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000766014bb 2 bytes [60, 76]
.text ... * 2

---- Processes - GMER 2.1 ----

Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1324] (WindowsProtectManger Service/Fuyu LIMITED)(2015-01-11 19:07:25) 0000000000010000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\50b7c312764d
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\50b7c312764d (not active ControlSet)

---- Files - GMER 2.1 ----

File C:\Users\LAPTOP\AppData\Local\Mozilla\Firefox\Profiles\ams11q1f.default\cache2\entries\12176F7741AC632E6E0376A59EAB08DFD031CD82 2012 bytes
File C:\Users\LAPTOP\AppData\Local\Mozilla\Firefox\Profiles\ams11q1f.default\thumbnails\4399496acbed2b93632e3c2ceea1b8d4.png 80907 bytes
File C:\Users\LAPTOP\AppData\Local\Mozilla\Firefox\Profiles\ams11q1f.default\thumbnails\518e5c87afe20a8415ea885cdd8fb88f.png 38469 bytes
File C:\Users\LAPTOP\AppData\Local\Mozilla\Firefox\Profiles\ams11q1f.default\thumbnails\ab242cd24d9db4bc493edc73ac6d197f.png 31877 bytes
File C:\Users\LAPTOP\AppData\Local\Mozilla\Firefox\Profiles\ams11q1f.default\thumbnails\e02ec3f2e3ab66281e4d3cf8a4300146.png 43049 bytes
File C:\Users\LAPTOP\AppData\Local\Mozilla\Firefox\Profiles\ams11q1f.default\thumbnails\528720bd231ee372957f8c23c613e29a.png 33444 bytes
File C:\Users\LAPTOP\AppData\Local\Mozilla\Firefox\Profiles\ams11q1f.default\thumbnails\721d5a7a26fc70c394c8b6e798f19870.png 43077 bytes
File C:\Users\LAPTOP\AppData\Local\Mozilla\Firefox\Profiles\ams11q1f.default\thumbnails\7bd3f444008323d660b600e9d4d8fc41.png 981 bytes
File C:\Users\LAPTOP\AppData\Local\Mozilla\Firefox\Profiles\ams11q1f.default\thumbnails\908b4dd137a3bc2f2b3b066eb094c295.png 19667 bytes

---- EOF - GMER 2.1 ----