GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-14 18:30:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uxddqpow.sys

---- Threads - GMER 2.1 ----

Thread C:\ProgramData\DatacardService\HWDeviceService64.exe [1968:1992] 000007feff1aa808
Thread [2200:2228] 000007feff1aa808
Thread [2200:5244] 0000000076ecfbf0
Thread [2236:2248] 0000000076ecfbf0
Thread [2236:2252] 000007feff1aa808
Thread C:\Windows\SysWOW64\ntdll.dll [3836:3960] 0000000000e51660
Thread C:\Windows\SysWOW64\ntdll.dll [3836:3852] 000000007243ae01
Thread C:\Windows\SysWOW64\ntdll.dll [3836:4512] 000000007243ae01
Thread C:\Windows\SysWOW64\ntdll.dll [3836:4852] 00000000742fc59c
Thread C:\Windows\SysWOW64\ntdll.dll [3836:4440] 00000000742fc59c
Thread C:\Windows\SysWOW64\ntdll.dll [3836:4492] 000000007194c580
Thread C:\Windows\SysWOW64\ntdll.dll [3836:1476] 0000000072432b80
Thread C:\Windows\SysWOW64\ntdll.dll [3936:3940] 00000000012af794
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5080:4888] 000007fefb2b2bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5080:3652] 000007fee6664830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5080:5692] 000007fefa1f5124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5080:2756] 000007fee65e9d90
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5080:4436] 000007fee6664830
Thread [2272:4356] 000007feff1aa808
Thread [2272:2408] 0000000076ecaef0
Thread [2272:4460] 0000000076ecfbf0
Thread [3560:2276] 0000000076ecaef0
Thread [3560:3008] 0000000076ecfbf0
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [1052:6504] 00000000770e2e65
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [1052:6160] 00000000770e3e85
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [1052:6912] 00000000770e3e85
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [1052:3844] 0000000056fa8f48
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [1052:5072] 00000000770e3e85

---- Processes - GMER 2.1 ----

Process C:\Users\Admin\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe (*** suspicious ***) @ C:\Users\Admin\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe [6392](2014-01-28 17:36:04) 0000000000400000

---- EOF - GMER 2.1 ----