GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-27 19:32:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0010LVM1 465,76GB
Running: o2hruj7x.exe; Driver: C:\Users\Marta\AppData\Local\Temp\ugloypow.sys

---- Threads - GMER 2.2 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3540:3708] 000007fefb122af4
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3540:3728] 000007fef0e98f70
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3540:976] 000007fef6865124

---- Processes - GMER 2.2 ----

Library C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19192610-A822-4020-BB23-257CE496BD66}\mpengine.dll (*** suspicious ***) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [832] 000007fef95c0000
Library C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19192610-A822-4020-BB23-257CE496BD66}\offreg.832.dll (*** suspicious ***) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [832] 000007feef680000

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313f8b021
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313f8b021 (not active ControlSet)

---- Files - GMER 2.2 ----

File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-81f0ad25.exe (size mismatch) 1286144/0 bytes executable
File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-a578c8ce.exe (size mismatch) 3031040/0 bytes executable
File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-dc85d716.exe (size mismatch) 3366912/0 bytes executable

---- EOF - GMER 2.2 ----