GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 9999-07-23 01:33:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3808110AS rev.2AAA 74,53GB
Running: 3ghed8ls.exe; Driver: C:\Users\xxx\AppData\Local\Temp\uxriqpow.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Skype\Phone\Skype.exe[1656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077da1465 2 bytes [DA, 77]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[1656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077da14bb 2 bytes [DA, 77]
.text ... * 2

---- Threads - GMER 2.2 ----

Thread C:\Windows\System32\spoolsv.exe [1064:1464] 000007fefa1a10c8
Thread C:\Windows\System32\spoolsv.exe [1064:1476] 000007fefa166144
Thread C:\Windows\System32\spoolsv.exe [1064:1480] 000007fefa115fd0
Thread C:\Windows\System32\spoolsv.exe [1064:1484] 000007fef9ea3438
Thread C:\Windows\System32\spoolsv.exe [1064:1488] 000007fefa1163ec
Thread C:\Windows\System32\spoolsv.exe [1064:1496] 000007fefa435e5c
Thread C:\Windows\System32\spoolsv.exe [1064:1600] 000007fefa3f8760
Thread C:\Windows\system32\WUDFHost.exe [2824:2860] 000007fef54724a0
Thread C:\Windows\System32\svchost.exe [2624:2868] 000007fef4339688

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{34545AD8-7746-4894-A104-D8ED395EAB52}@LeaseObtainedTime -14768939
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{34545AD8-7746-4894-A104-D8ED395EAB52}@T1 -14725739
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{34545AD8-7746-4894-A104-D8ED395EAB52}@T2 -14693339

---- EOF - GMER 2.2 ----