GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-23 09:20:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 WDC_WD2500BEVT-60ZCT1 rev.13.01A13 232,89GB
Running: d5vlm0g1.exe; Driver: C:\Users\tad\AppData\Local\Temp\uxriypow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ffe000 45 bytes [0C, 00, 48, 8B, 79, 08, 33, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80002ffe02e 17 bytes [8B, C3, 48, 8B, 8C, 24, A0, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\TermTutor\Service\ttsvc.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d91465 2 bytes [D9, 75]
.text C:\Program Files (x86)\TermTutor\Service\ttsvc.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d914bb 2 bytes [D9, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2348] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006fab11a8 2 bytes [AB, 6F]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2348] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006fab13a8 2 bytes [AB, 6F]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2348] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006fab1422 2 bytes [AB, 6F]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2348] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006fab1498 2 bytes [AB, 6F]

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880032dc558] \SystemRoot\system32\DRIVERS\klif.sys [unknown section]

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [3300:3844] 000007fef2359688

---- Processes - GMER 2.1 ----

Library C:\Windows\Installer\MSIE130.tmp (*** suspicious ***) @ C:\Windows\syswow64\MsiExec.exe [760] 0000000074bc0000

---- EOF - GMER 2.1 ----