GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-15 22:41:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.D005DEM1 465,76GB
Running: yrdj5i1x.exe; Driver: C:\Users\Bartek\AppData\Local\Temp\kwrdipob.sys


---- Processes - GMER 2.1 ----

Process   C:\Users\Bartek\AppData\Local\Screamer Radio\screamer.exe (*** suspicious ***) @ C:\Users\Bartek\AppData\Local\Screamer Radio\screamer.exe [4572] (Screamer Radio/Steamcore.se)(2010-11-20 14:58:08)   0000000000400000
Library   C:\Users\Bartek\AppData\Local\Screamer Radio\iconv.dll (*** suspicious ***) @ C:\Users\Bartek\AppData\Local\Screamer Radio\screamer.exe [4572] (LGPLed libiconv for Windows NT/2000/XP and Windows 95/98/ME/Free Software Foundation)(2007-01-17 22:52:02)   0000000010000000
Library   C:\Users\Bartek\AppData\Local\Screamer Radio\bass.dll (*** suspicious ***) @ C:\Users\Bartek\AppData\Local\Screamer Radio\screamer.exe [4572] (BASS/Un4seen Developments)(2010-06-17 11:31:40)   0000000011000000
Library   C:\Users\Bartek\AppData\Local\Screamer Radio\basswma.dll (*** suspicious ***) @ C:\Users\Bartek\AppData\Local\Screamer Radio\screamer.exe [4572] (BASSWMA/Un4seen Developments)(2010-09-17 11:28:26)   0000000010100000
Library   C:\Users\Bartek\AppData\Local\Screamer Radio\bass_aac.dll (*** suspicious ***) @ C:\Users\Bartek\AppData\Local\Screamer Radio\screamer.exe [4572] (Advanced Audio Coding and MPEG-4 add-on for the BASS library/MaresWEB)(2009-02-27 13:52:50)   0000000002e50000
Library   C:\Users\Bartek\AppData\Local\Screamer Radio\lame_enc.dll (*** suspicious ***) @ C:\Users\Bartek\AppData\Local\Screamer Radio\screamer.exe [4572](2010-03-23 08:05:18)   00000000720c0000

---- Registry - GMER 2.1 ----

Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\642737e4bee8
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0   0x00 0x00 0x00 0x00 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0   0
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12   0x4A 0x2F 0x1A 0x34 ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\642737e4bee8 (not active ControlSet)
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0   0x00 0x00 0x00 0x00 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0   0
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12   0x4A 0x2F 0x1A 0x34 ...

---- EOF - GMER 2.1 ----
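Added example (not part of the GMER log above and not GMER's own code): a small Python parser for the two record types in this log, the Process/Library lines and the Reg lines, with triage helpers that answer the questions a responder asks of such output. Which modules carry the "*** suspicious ***" tag and which process are they mapped into, which of them have no product/company string, which live under a per-user AppData path (user-writable, so no admin rights are needed to drop or replace the file), and which registry hits sit only in a non-active ControlSet. The SAMPLE_LOG is constructed from the log above, abbreviated to three module lines and three registry lines; the regular expressions, the dataclasses and the AppData heuristic are this example's assumptions, not GMER behaviour. Note the caveat the log itself illustrates: every flagged file here is a component of one portable radio player under AppData\Local, and the sptd\Cfg keys belong to the SCSI Pass Through Direct driver that disc-emulation software installs, so the tag is a prompt to verify the files (hash, signature, vendor), not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the GMER 2.1 log above (abbreviated,
# Bluetooth key entries and most modules left out); not the full scan output.
SAMPLE_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-15 22:41:48
Windows 6.1.7601 Service Pack 1 x64

---- Processes - GMER 2.1 ----

Process   C:\Users\Bartek\AppData\Local\Screamer Radio\screamer.exe (*** suspicious ***) @ C:\Users\Bartek\AppData\Local\Screamer Radio\screamer.exe [4572] (Screamer Radio/Steamcore.se)(2010-11-20 14:58:08)   0000000000400000
Library   C:\Users\Bartek\AppData\Local\Screamer Radio\bass.dll (*** suspicious ***) @ C:\Users\Bartek\AppData\Local\Screamer Radio\screamer.exe [4572] (BASS/Un4seen Developments)(2010-06-17 11:31:40)   0000000011000000
Library   C:\Users\Bartek\AppData\Local\Screamer Radio\lame_enc.dll (*** suspicious ***) @ C:\Users\Bartek\AppData\Local\Screamer Radio\screamer.exe [4572](2010-03-23 08:05:18)   00000000720c0000

---- Registry - GMER 2.1 ----

Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0   0x00 0x00 0x00 0x00
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

---- EOF - GMER 2.1 ----
"""

# "Process <path> [(*** suspicious ***)] @ <host> [<pid>] [(<Product/Vendor>)](<timestamp>) <base>"
# The vendor group is optional: lame_enc.dll above has no version string.
MODULE_RE = re.compile(
    r"^(?P<kind>Process|Library)\s+(?P<path>.+?)"
    r"(?P<susp>\s+\(\*\*\* suspicious \*\*\*\))?"
    r"\s+@\s+(?P<host>.+?)\s+\[(?P<pid>\d+)\]"
    r"(?:\s*\((?P<vendor>[^()]*)\))?"
    r"\((?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\)"
    r"\s+(?P<base>[0-9a-fA-F]{16})\s*$"
)

# "Reg <key>[@<value>   <data>] [(not active ControlSet)]"
REG_RE = re.compile(
    r"^Reg\s+(?P<key>[^@]+?)(?:@(?P<value>\S+)\s+(?P<data>.*?))?"
    r"(?:\s*\((?P<note>not active ControlSet)\))?\s*$"
)


@dataclass
class Module:
    kind: str              # "Process" or "Library"
    path: str              # file on disk
    suspicious: bool       # carried the "*** suspicious ***" tag
    host: str              # process the module is mapped into
    pid: int
    vendor: Optional[str]  # "Product/Company" string, None if GMER printed none
    timestamp: str
    base: int              # load address


@dataclass
class RegEntry:
    key: str
    value_name: Optional[str]
    data: Optional[str]
    inactive: bool         # marked "(not active ControlSet)"


def parse_gmer(text: str):
    """Return (modules, registry entries) from GMER 2.1 text output."""
    modules, regs = [], []
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            modules.append(Module(
                kind=m["kind"], path=m["path"], suspicious=m["susp"] is not None,
                host=m["host"], pid=int(m["pid"]), vendor=m["vendor"],
                timestamp=m["ts"], base=int(m["base"], 16)))
            continue
        r = REG_RE.match(line)
        if r:
            regs.append(RegEntry(key=r["key"], value_name=r["value"],
                                 data=r["data"], inactive=r["note"] is not None))
    return modules, regs


def suspicious_by_process(modules):
    """Tagged module paths grouped by the PID they are mapped into."""
    out = {}
    for m in modules:
        if m.suspicious:
            out.setdefault(m.pid, []).append(m.path)
    return out


def unattributed(modules):
    """Modules for which GMER printed no product/company string."""
    return [m.path for m in modules if m.vendor is None]


# Assumed heuristic (not GMER's): anything under a user's AppData tree is
# writable without elevation, so it deserves a hash/signature check first.
USER_WRITABLE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def loaded_from_user_profile(modules):
    return [m.path for m in modules if USER_WRITABLE.match(m.path)]


def inactive_controlset(regs):
    """Keys GMER found only in a ControlSet that is not the one booted from."""
    return [r.key for r in regs if r.inactive]


if __name__ == "__main__":
    mods, regs = parse_gmer(SAMPLE_LOG)
    for pid, paths in suspicious_by_process(mods).items():
        print(f"PID {pid}: {len(paths)} tagged module(s)")
    print("no vendor string:", unattributed(mods))
    print("under AppData:", len(loaded_from_user_profile(mods)))
    print("inactive ControlSet only:", inactive_controlset(regs))
```

Run it on a saved GMER .log by reading the file into parse_gmer in place of SAMPLE_LOG. The helpers only sort the findings; the actual decision still needs the file hashes checked against the vendor's release and the driver behind the sptd service identified on the host.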