GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-01-03 21:12:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: stewj5o4.exe; Driver: C:\Users\Ola\AppData\Local\Temp\pfldapod.sys


---- Kernel code sections - GMER 2.2 ----

.text  C:\Windows\System32\win32k.sys!EngSetLastError + 628    fffff96000124994 8 bytes [D0, 6B, 52, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable         fffff96000153c00 7 bytes [00, 96, F3, FF, 01, A2, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8     fffff96000153c08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[3748] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx + 626    000007fefd539c82 4 bytes {CALL QWORD [RIP+0x190637a]}
.text  C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             00000000757f1465 2 bytes [7F, 75]
.text  C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000757f14bb 2 bytes [7F, 75]
.text  ...                                                                                                                                * 2
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[244] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter               00000000754187b1 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab28dd5
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab28dd5@48dcfbf1971c    0x34 0x65 0xCB 0x04 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab28dd5@c8979fb5db74    0xD6 0x16 0x57 0x03 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab28dd5@7ce9d3c986f8    0x5D 0x8F 0x8F 0x91 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab28dd5@a4ebd32fe3cc    0xFD 0xA6 0xB9 0xC9 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                              75372
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab28dd5 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab28dd5@48dcfbf1971c         0x34 0x65 0xCB 0x04 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab28dd5@c8979fb5db74         0xD6 0x16 0x57 0x03 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab28dd5@7ce9d3c986f8         0x5D 0x8F 0x8F 0x91 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab28dd5@a4ebd32fe3cc         0xFD 0xA6 0xB9 0xC9 ...

---- EOF - GMER 2.2 ----
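The hook lines in the two code-section blocks have a fixed shape (tag, optional owning process with PID, module!symbol with an optional "+ offset", a 16-digit address, a byte count, then either a byte dump in [] or GMER's own disassembly in {}), which makes them easy to parse and cross-check by machine. The following is an added example, not part of the log and not GMER's own code: a Python parser for those lines, using the entries from this report as its sample input. It assumes the "+ N" offsets are decimal, which the two PSAPI.DLL entries confirm (0x757f14bb - 0x757f1465 == 155 - 69), and its decode_stub helper hand-recognises only two patch shapes; anything else is left to a real disassembler. The names Hook, parse_report, hooks_by_process, inconsistent_bases and decode_stub are this example's own.

```python
"""Parser for the '.text' hook lines of a GMER 2.x code-sections report.

Added example; not GMER's code. Assumes only what the lines show:
  .text [process[pid]] module!symbol [+ decimal_offset] addr N bytes ([dump] | {asm})
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Sample input: the hook lines copied from the report above (whitespace collapsed).
SAMPLE = r"""
---- Kernel code sections - GMER 2.2 ----
.text C:\Windows\System32\win32k.sys!EngSetLastError + 628 fffff96000124994 8 bytes [D0, 6B, 52, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000153c00 7 bytes [00, 96, F3, FF, 01, A2, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000153c08 3 bytes [C0, 06, 02]
---- User code sections - GMER 2.2 ----
.text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[3748] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx + 626 000007fefd539c82 4 bytes {CALL QWORD [RIP+0x190637a]}
.text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757f1465 2 bytes [7F, 75]
.text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757f14bb 2 bytes [7F, 75]
.text ... * 2
.text C:\Program Files\AVAST Software\Avast\avastui.exe[244] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000754187b1 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
HOOK_RE = re.compile(
    r"^\.text\s+(?P<target>.+?)\s+(?P<addr>[0-9a-fA-F]{16})\s+(?P<count>\d+)\s+bytes\s+"
    r"(?:\[(?P<dump>[^\]]*)\]|\{(?P<asm>[^}]*)\})\s*$"
)
TARGET_RE = re.compile(
    r"^(?:(?P<proc>.+?)\[(?P<pid>\d+)\]\s+)?(?P<module>[^!]+)!(?P<symbol>\w+)(?:\s+\+\s+(?P<off>\d+))?$"
)


@dataclass
class Hook:
    section: str
    process: Optional[str]      # full path of the hooked process, None for kernel entries
    pid: Optional[int]
    module: str                 # module that exports the patched symbol
    symbol: str
    offset: int                 # decimal bytes past the symbol (GMER's '+ N')
    address: int
    count: int                  # number of patched bytes GMER reports
    data: List[int] = field(default_factory=list)   # bytes from a [..] dump
    truncated: bool = False     # dump ended in '...'
    asm: Optional[str] = None   # GMER's own {..} disassembly, if given

    @property
    def symbol_base(self) -> int:
        """Address the symbol itself must be at if the offset is right."""
        return self.address - self.offset


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def parse_dump(dump: str) -> Tuple[List[int], bool]:
    data, truncated = [], False
    for tok in dump.split(","):
        tok = tok.strip()
        if tok == "...":
            truncated = True
        elif tok:
            data.append(int(tok, 16))
    return data, truncated


def parse_report(text: str) -> List[Hook]:
    """Return one Hook per '.text' line; collapsed '.text ... * N' lines are skipped."""
    hooks, section = [], "?"
    for line in text.splitlines():
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = HOOK_RE.match(line)
        if not m:
            continue
        t = TARGET_RE.match(m.group("target"))
        if not t:
            continue
        data, truncated = parse_dump(m.group("dump")) if m.group("dump") is not None else ([], False)
        hooks.append(Hook(
            section=section,
            process=t.group("proc"),
            pid=int(t.group("pid")) if t.group("pid") else None,
            module=t.group("module"), symbol=t.group("symbol"),
            offset=int(t.group("off") or 0), address=int(m.group("addr"), 16),
            count=int(m.group("count")), data=data, truncated=truncated, asm=m.group("asm"),
        ))
    return hooks


def hooks_by_process(hooks: List[Hook]) -> Dict[str, List[str]]:
    """Which process has which API patched; a quick triage view the raw list lacks."""
    out: Dict[str, List[str]] = defaultdict(list)
    for h in hooks:
        if h.process is not None:
            out[basename(h.process)].append(f"{basename(h.module)}!{h.symbol}")
    return dict(out)


def inconsistent_bases(hooks: List[Hook]) -> Dict[str, Set[int]]:
    """Entries for the same symbol must agree on address - offset; disagreement means a mangled line."""
    bases: Dict[str, Set[int]] = defaultdict(set)
    for h in hooks:
        bases[f"{basename(h.module)}!{h.symbol}"].add(h.symbol_base)
    return {k: v for k, v in bases.items() if len(v) > 1}


def decode_stub(data: List[int]) -> Optional[str]:
    """Hand-decode the two patch shapes most worth recognising; everything else -> None."""
    if len(data) >= 5 and data[:3] == [0x31, 0xC0, 0xC2]:        # xor eax,eax ; ret imm16
        return f"xor eax,eax ; ret {data[3] | (data[4] << 8)}"  # callee returns 0, pops its args
    if len(data) >= 5 and data[0] == 0xE9:                      # jmp rel32 (classic detour)
        return f"jmp rel32 {int.from_bytes(bytes(data[1:5]), 'little', signed=True):+#x}"
    return None


if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    for h in parsed:
        print(f"{h.section:22} {basename(h.process) if h.process else '<kernel>':16} "
              f"{basename(h.module)}!{h.symbol}+{h.offset} @ {h.address:016x} "
              f"-> {h.asm or decode_stub(h.data) or h.data}")
    print("per process:", hooks_by_process(parsed))
    print("inconsistent symbol bases:", inconsistent_bases(parsed))
```

Run as-is it prints the seven parsed entries; the collapsed ".text ... * 2" line carries no address and is skipped. Two of the checks are worth keeping around when reading any GMER dump: inconsistent_bases catches an entry whose address and offset do not agree with its siblings (a sign the line was mangled in pasting), and decode_stub reads the avastui.exe patch [31, C0, C2, 04, 00, ...] as "xor eax,eax ; ret 4", i.e. the patched SetUnhandledExceptionFilter now returns 0 and pops its single argument without doing anything else. What a hook like that is for is not something the log itself says; it only tells you which process the patched page belongs to.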