GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-07-29 12:16:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465,76GB
Running: mdciqe6o.exe; Driver: C:\Users\User\AppData\Local\Temp\kgldipob.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3972] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3972] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4240] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4240] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4240] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000071c511a8 2 bytes [C5, 71]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4240] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000071c513a8 2 bytes [C5, 71]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4240] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000071c51422 2 bytes [C5, 71]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4240] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000071c51498 2 bytes [C5, 71]
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5064] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77]
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5064] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77]
.text ... * 2
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4132] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77]
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4132] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77]
.text ... * 2
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4080] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77]
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4080] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77]
.text ... * 2

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca94eef70c
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca94eef70c (not active ControlSet)

---- EOF - GMER 2.2 ----