GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-04 15:22:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\000000a9 HGST rev.GH2O 465,76GB
Running: hykxqvic.exe; Driver: C:\Users\michala\AppData\Local\Temp\pxldauoc.sys

---- User code sections - GMER 2.1 ----

.text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cc1465 2 bytes [CC, 76]
.text c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cc14bb 2 bytes [CC, 76]
.text ... * 2
.text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[2992] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076bc8791 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[2992] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076cc1465 2 bytes [CC, 76]
.text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[2992] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076cc14bb 2 bytes [CC, 76]
.text ... * 2
.text c:\Windows\SysWOW64\flcdlock.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cc1465 2 bytes [CC, 76]
.text c:\Windows\SysWOW64\flcdlock.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cc14bb 2 bytes [CC, 76]
.text ... * 2
.text C:\Program Files (x86)\NetSetMan\netsetman.exe[6168] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 0000000076bc34b1 4 bytes {CALL 0xffffffff898b36d0}
.text C:\Program Files (x86)\NetSetMan\netsetman.exe[6168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cc1465 2 bytes [CC, 76]
.text C:\Program Files (x86)\NetSetMan\netsetman.exe[6168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cc14bb 2 bytes [CC, 76]
.text ... * 2
.text C:\Windows\SysWOW64\RunDll32.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cc1465 2 bytes [CC, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[6308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cc14bb 2 bytes [CC, 76]
.text ... * 2
.text C:\Users\michala\Downloads\hykxqvic.exe[6868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cc1465 2 bytes [CC, 76]
.text C:\Users\michala\Downloads\hykxqvic.exe[6868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cc14bb 2 bytes [CC, 76]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18cf5e0504ab
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18cf5e0504ab (not active ControlSet)

---- Files - GMER 2.1 ----

File C:\Users\michala\AppData\Local\Mozilla\Firefox\Profiles\7acwibng.default\startupCache\startupCache.4.little 1214105 bytes

---- EOF - GMER 2.1 ----