GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-08 20:00:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010CLA332 rev.JP4OA3MA 931,51GB
Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwddakob.sys

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\wininit.exe[560]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Windows\system32\services.exe[628]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[652]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Windows\system32\nvvsvc.exe[872]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[896]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[280]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Windows\system32\svchost.exe[476]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1044]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1664]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Windows\system32\nvvsvc.exe[1672]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]
.text  C:\Windows\SysWOW64\svchost.exe[1852]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1884]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1884]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000770c1465 2 bytes [0C, 77]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1884]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000770c14bb 2 bytes [0C, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1284]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2164]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2164]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000770c1465 2 bytes [0C, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2164]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000770c14bb 2 bytes [0C, 77]
.text  ...  * 2
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2280]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2380]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2380]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  0000000074701a22 2 bytes [70, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2380]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496  0000000074701ad0 2 bytes [70, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2380]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552  0000000074701b08 2 bytes [70, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2380]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730  0000000074701bba 2 bytes [70, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2380]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762  0000000074701bda 2 bytes [70, 74]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2996]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Windows\Explorer.EXE[3764]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Windows\System32\rundll32.exe[3540]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3708]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3708]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000770c1465 2 bytes [0C, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3708]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000770c14bb 2 bytes [0C, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Vtune\TBPANEL.exe[3120]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]
.text  C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe[3252]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[436]  C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000075bf8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[436]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[436]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000770c1465 2 bytes [0C, 77]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[436]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000770c14bb 2 bytes [0C, 77]
.text  ...  * 2
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2276]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4800]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Windows\system32\conhost.exe[4832]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Program Files\WinRAR\WinRAR.exe[3236]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Users\Admin\AppData\Local\Temp\Rar$EXa0.381\gmer.exe[1560]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]

---- Processes - GMER 2.1 ----

Library  C:\Users\Admin\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3764] (GG drive menu/GG Network S.A.)(201  000000005ff80000
Process  C:\Users\Admin\AppData\Local\Temp\Rar$EXa0.381\gmer.exe (*** suspicious ***) @ C:\Users\Admin\AppData\Local\Temp\Rar$EXa0.381\gmer.exe [1560](2014-07-08 17:29:38)  0000000000400000

---- EOF - GMER 2.1 ----
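The first triage question for a log like this is which inline patches are applied identically across almost every process and which are confined to one or two. Here the 1-byte GetBinaryTypeW patch with value 62 shows up in wininit.exe, services.exe, winlogon.exe and nearly everything else, in both the native kernel32 (+ 189) and the WOW64 kernel32 (+ 112); a patch that uniform in early-boot system processes is the signature of a system-wide hooking component rather than of something that injected into one target. The WSOCK32!setsockopt patches, by contrast, appear only in PnkBstrA.exe. GMER's log does not say which module installed a patch, so this grouping narrows the list to look at; it does not by itself prove anything benign or malicious. The following Python parser is an added example written for this page; it is not part of GMER and not from the log's author. The sample lines are copied from the log above; the field regex, the lower-cased grouping key and the min_shared threshold are this example's own assumptions.

```python
"""Parse the '.text' entries of a GMER 2.x 'User code sections' block and group
identical patches across processes, so patches shared system-wide can be told
apart from patches confined to a single process."""
import re
from collections import defaultdict

# One GMER user-code entry, whitespace-separated (layout assumed from the log):
#   .text <image path>[<pid>] <module path>!<export>[ + <offset>] <address> <n> byte(s) [<hex bytes>]
HOOK_RE = re.compile(
    r"^\.text\s+"
    r"(?P<process>.+?)\[(?P<pid>\d+)\]\s+"      # image path (may contain spaces), then PID
    r"(?P<module>.+?)!(?P<symbol>\S+)"          # patched module and export
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+"          # optional byte offset into the export
    r"(?P<address>[0-9A-Fa-f]{16})\s+"          # virtual address of the patch
    r"(?P<size>\d+)\s+bytes?\s+"
    r"\[(?P<bytes>[^\]]*)\]\s*$"                # patched bytes; GMER may end the list with '...'
)

# Constructed sample: lines copied from the GMER log above, plus one of GMER's
# '.text ... * N' continuation markers, which carries no parsable fields.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----
.text  C:\Windows\system32\wininit.exe[560]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Windows\system32\services.exe[628]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[652]  C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076e4ef8d 1 byte [62]
.text  C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1044]  C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075c1a2fd 1 byte [62]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2380]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  0000000074701a22 2 bytes [70, 74]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[436]  C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000075bf8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  ...  * 2
"""


def parse_hooks(log_text):
    """Return one dict per parsable '.text' entry. Section headers and the
    '.text ... * N' continuation lines do not match the pattern and are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["pid"] = int(rec["pid"])
        rec["offset"] = int(rec["offset"]) if rec["offset"] else 0
        rec["size"] = int(rec["size"])
        # Compare on file names, case-folded: the log mixes system32/System32 and
        # syswow64/SysWOW64 spellings for the same directories.
        rec["module_name"] = rec["module"].rsplit("\\", 1)[-1].lower()
        rec["image_name"] = rec["process"].rsplit("\\", 1)[-1].lower()
        hooks.append(rec)
    return hooks


def group_by_patch(hooks):
    """Key: (module name, export, patched bytes). Value: sorted (image, pid) pairs.
    The offset is deliberately left out of the key: the native and WOW64 builds of
    the same DLL place the same export at different offsets (+ 189 vs + 112 in the
    log), and the point is to see the same patch across both."""
    groups = defaultdict(list)
    for h in hooks:
        groups[(h["module_name"], h["symbol"], h["bytes"])].append((h["image_name"], h["pid"]))
    return {key: sorted(procs) for key, procs in groups.items()}


def triage(hooks, min_shared=3):
    """Split patches into 'widespread' (same bytes on the same export in at least
    min_shared processes, typical of a system-wide hooking component) and
    'isolated' (fewer processes, worth examining one by one)."""
    widespread, isolated = {}, {}
    for key, procs in group_by_patch(hooks).items():
        (widespread if len(procs) >= min_shared else isolated)[key] = procs
    return {"widespread": widespread, "isolated": isolated}


if __name__ == "__main__":
    result = triage(parse_hooks(SAMPLE_LOG))
    for bucket in ("widespread", "isolated"):
        print(f"== {bucket} ==")
        for (module, symbol, patch), procs in result[bucket].items():
            print(f"{module}!{symbol} [{patch}]: {len(procs)} process(es): {procs}")
```

Run against the full log, the widespread bucket collapses to the single GetBinaryTypeW patch and the PSAPI!GetModuleInformation pair (which also appears in several unrelated processes), leaving the WSOCK32!setsockopt patches in PnkBstrA.exe and the SetUnhandledExceptionFilter patch in AvastUI.exe as the process-specific items. Deciding whether those are expected still requires identifying the module that owns each patch on the live system (for example by reading the bytes at the reported address and following where they transfer control), which is outside what the log records.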