GMER 2.1.19355 - http://www.gmer.net
Rootkit scan 2014-01-22 19:40:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a WDC_WD50 rev.05.0 465,76GB
Running: mcfnn775.exe; Driver: C:\Users\Hub\AppData\Local\Temp\uwtdipow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002df2000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff80002df2011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ed1465 2 bytes [ED, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ed14bb 2 bytes [ED, 74]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3612:3076] 000007fefb172a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3612:3164] 000007fef0324830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3612:704] 000007fef7fc5124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3612:3648] 000007fef02a9d90
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3612:3696] 000007fef0324830

---- Processes - GMER 2.1 ----

Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAC5A98F-DC1F-4E8C-9635-EEEABADF7C70}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2680] (Microsoft Malware Protection Engine/Microsoft Corporation SIGNED)(2014-01-21 15:47:07) 000007feee710000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----