GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-05-15 23:36:18
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST2000LM003_HN-M201RAD rev.2BC10001 1863,02GB
Running: y3f2bm6c.exe; Driver: C:\Users\Acer\AppData\Local\Temp\kfldrpob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\Explorer.EXE[1620] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffe9774169a 4 bytes [74, 97, FE, 7F]
.text  C:\Windows\Explorer.EXE[1620] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffe977416a2 4 bytes [74, 97, FE, 7F]
.text  C:\Windows\Explorer.EXE[1620] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffe9774181a 4 bytes [74, 97, FE, 7F]
.text  C:\Windows\Explorer.EXE[1620] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffe97741832 4 bytes [74, 97, FE, 7F]
.text  C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4540] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffe9774169a 4 bytes [74, 97, FE, 7F]
.text  C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4540] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffe977416a2 4 bytes [74, 97, FE, 7F]
.text  C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4540] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffe9774181a 4 bytes [74, 97, FE, 7F]
.text  C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4540] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffe97741832 4 bytes [74, 97, FE, 7F]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4900] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffe9774169a 4 bytes [74, 97, FE, 7F]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4900] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffe977416a2 4 bytes [74, 97, FE, 7F]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4900] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffe9774181a 4 bytes [74, 97, FE, 7F]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4900] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffe97741832 4 bytes [74, 97, FE, 7F]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4900] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194  00007ffe93151f6a 4 bytes [15, 93, FE, 7F]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4900] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218  00007ffe93151f82 4 bytes [15, 93, FE, 7F]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2512] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194  00007ffe93151f6a 4 bytes [15, 93, FE, 7F]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2512] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218  00007ffe93151f82 4 bytes [15, 93, FE, 7F]
.text  C:\Program Files\Windows Defender\MsMpEng.exe[5448] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506  00007ffe9774169a 4 bytes [74, 97, FE, 7F]
.text  C:\Program Files\Windows Defender\MsMpEng.exe[5448] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514  00007ffe977416a2 4 bytes [74, 97, FE, 7F]
.text  C:\Program Files\Windows Defender\MsMpEng.exe[5448] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118  00007ffe9774181a 4 bytes [74, 97, FE, 7F]
.text  C:\Program Files\Windows Defender\MsMpEng.exe[5448] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142  00007ffe97741832 4 bytes [74, 97, FE, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [544:560]  fffff9600092eb90

---- Processes - GMER 2.1 ----

Library  C:\Users\Acer\AppData\Local\Pokki\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Local\Pokki\Engine\HostAppService.exe [2056] (Chromium/The Chromium Authors)(2015-05-05 17:34:20)  0000000069730000
Library  C:\Users\Acer\AppData\Local\Pokki\Engine\icudt.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Local\Pokki\Engine\HostAppService.exe [2056] (ICU Data DLL/The ICU Project)(2015-04-28 20:15:22)  00000000689b0000
Library  C:\Users\Acer\AppData\Local\Pokki\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Local\Pokki\Engine\HostAppService.exe [992] (Chromium/The Chromium Authors)(2015-05-05 17:34:20)  0000000069730000
Library  C:\Users\Acer\AppData\Local\Pokki\Engine\icudt.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Local\Pokki\Engine\HostAppService.exe [992] (ICU Data DLL/The ICU Project)(2015-04-28 20:15:22)  00000000689b0000
Library  C:\Users\Acer\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Local\Pokki\Engine\HostAppService.exe [992](2015-04-28 20:15:22)  0000000068160000
Library  C:\Users\Acer\AppData\Local\Pokki\Engine\avcodec-54.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Local\Pokki\Engine\HostAppService.exe [992](2015-04-28 20:15:22)  0000000067f60000
Library  C:\Users\Acer\AppData\Local\Pokki\Engine\avutil-51.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Local\Pokki\Engine\HostAppService.exe [992](2015-04-28 20:15:22)  0000000067f30000
Library  C:\Users\Acer\AppData\Local\Pokki\Engine\avformat-54.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Local\Pokki\Engine\HostAppService.exe [992](2015-04-28 20:15:22)  0000000067ee0000

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----