GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-14 10:36:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0005 465,76GB
Running: rmljlxsz.exe; Driver: C:\Users\jas\AppData\Local\Temp\fxldypow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000772e1465 2 bytes [2E, 77]
.text    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000772e14bb 2 bytes [2E, 77]
.text    ...                                                                                                                                                         * 2
?        C:\Windows\system32\mssprxy.dll [5896] entry point in ".rdata" section                                                                                      000000006cdd71e6
.text    D:\auto\autoruns.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                          00000000772e1465 2 bytes [2E, 77]
.text    D:\auto\autoruns.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                         00000000772e14bb 2 bytes [2E, 77]
.text    ...                                                                                                                                                         * 2
?        C:\Windows\system32\mssprxy.dll [5660] entry point in ".rdata" section                                                                                      000000006cdd71e6
.text    D:\auto\autoruns.exe[5660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                          00000000772e1465 2 bytes [2E, 77]
.text    D:\auto\autoruns.exe[5660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                         00000000772e14bb 2 bytes [2E, 77]
.text    ...                                                                                                                                                         * 2

---- Threads - GMER 2.1 ----

Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [4692:4128]                                                                                              000007fefb6c2bf8
Thread    [868:5200]                                                                                                                                                 0000000077362e65
Thread    [868:5204]                                                                                                                                                 0000000077363e85

---- Processes - GMER 2.1 ----

Process  C:\ProgramData\wmc.exe (*** suspicious ***) @ C:\ProgramData\wmc.exe [2952] (Microsoft® Windows® Media Center/Microsoft® Corporation)(2014-10-03 19:27:13)  0000000000400000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289f4d840                                                                                 
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289f4d840 (not active ControlSet)                                                             

---- EOF - GMER 2.1 ----
