GMER 2.1.19355 - http://www.gmer.net
Rootkit scan 2014-01-27 20:28:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000065 ST932032 rev.0003 298,09GB
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kwddakob.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [868:2604] 000007fef6746b8c
Thread C:\Windows\System32\svchost.exe [868:612] 000007fef6741d88
Thread C:\Windows\System32\svchost.exe [868:3120] 000007fefd1920b0
Thread C:\Windows\System32\svchost.exe [912:2280] 000007fef72088f8
Thread C:\Windows\System32\svchost.exe [912:5580] 000007fef52fd190
Thread C:\Windows\System32\spoolsv.exe [1504:2028] 000007fef93610c8
Thread C:\Windows\System32\spoolsv.exe [1504:2036] 000007fef8566144
Thread C:\Windows\System32\spoolsv.exe [1504:2040] 000007fef8355fd0
Thread C:\Windows\System32\spoolsv.exe [1504:2044] 000007fef8343438
Thread C:\Windows\System32\spoolsv.exe [1504:1036] 000007fef83563ec
Thread C:\Windows\System32\spoolsv.exe [1504:1356] 000007fef9415e5c
Thread C:\Windows\System32\spoolsv.exe [1504:1204] 000007fef86d5074

---- Processes - GMER 2.1 ----

Process C:\ProgramData\DatacardService\HWDeviceService64.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\HWDeviceService64.exe [2056] 000000013f670000
Process C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [2176] 0000000000400000
Process C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2752](2013-05-1 0000000000400000
Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2752] 000000006fbc0000
Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2752](2013-05-18 09:24:17) 000000006e940000
Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2752](2 000000006a1c0000
Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2752](2013-05-18 09:24:18) 000000006ff00000
Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2752](2013-05-18 09:24:18) 000000006efc0000
Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2752] 000000006ed40000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)

---- EOF - GMER 2.1 ----