GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-02 01:45:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5076GSXN rev.GB001M 465,76GB
Running: 20ndn1qr.exe; Driver: C:\Users\szczuro\AppData\Local\Temp\pfddypow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002ff0000 30 bytes [0F, 00, 02, BA, 6F, 03, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff80002ff001f 15 bytes [00, 00, 00, 88, 0B, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\AVG\AVG2013\avgfws.exe[1716] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Program Files (x86)\AVG\AVG2013\avgfws.exe[1716] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[1008] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[1008] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5080:4336] 000007fefaec2a7c

---- Processes - GMER 2.1 ----

Library C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PhoneBrowser64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2052] 0000000180000000
Library C:\Program Files (x86)\Nokia\Nokia PC Suite 7\NGSCM64.DLL (*** suspicious ***) @ C:\Windows\Explorer.EXE [2052] 000007fee1320000
Library C:\Program Files (x86)\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr (*** suspicious ***) @ C:\Windows\Explorer.EXE [2052] 0000000010000000
Library C:\Program Files (x86)\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr (*** suspicious ***) @ C:\Windows\Explorer.EXE [2052] 0000000004350000

---- EOF - GMER 2.1 ----