GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-21 12:41:44
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: dn7huyjl.exe; Driver: C:\Users\ISAVAN~1\AppData\Local\Temp\fwdcipog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075871465 2 bytes [87, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758714bb 2 bytes [87, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2360] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006fb711a8 2 bytes [B7, 6F]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2360] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006fb713a8 2 bytes [B7, 6F]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2360] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006fb71422 2 bytes [B7, 6F]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2360] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006fb71498 2 bytes [B7, 6F]
.text C:\Users\IsavannahXpressI\AppData\Local\DM\TinyDM.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075871465 2 bytes [87, 75]
.text C:\Users\IsavannahXpressI\AppData\Local\DM\TinyDM.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758714bb 2 bytes [87, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075871465 2 bytes [87, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758714bb 2 bytes [87, 75]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073ff1a22 2 bytes [FF, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073ff1ad0 2 bytes [FF, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073ff1b08 2 bytes [FF, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073ff1bba 2 bytes [FF, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073ff1bda 2 bytes [FF, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075871465 2 bytes [87, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758714bb 2 bytes [87, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075871465 2 bytes [87, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758714bb 2 bytes [87, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4092:4324] 000007fefb722a88
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4092:4340] 000007fef299c0b0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4092:4356] 000007fef299c0b0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4092:4432] 000007fef6a55124

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c305cb
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 14249
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c305cb (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----