GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-09-30 21:35:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD502HI rev.1AG01118 465,76GB
Running: gmer.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\awrdypog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                      0000000072bc17fa 2 bytes CALL 761711a9 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                  0000000072bc1860 2 bytes CALL 761711a9 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                0000000072bc1942 2 bytes JMP 75477089 C:\Windows\syswow64\WS2_32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109               0000000072bc194d 2 bytes JMP 7547cba6 C:\Windows\syswow64\WS2_32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17        0000000075041401 2 bytes JMP 7619b21b C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17          0000000075041419 2 bytes JMP 7619b346 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17        0000000075041431 2 bytes JMP 76218f29 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42        000000007504144a 2 bytes CALL 7617489d C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                      * 9
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17           00000000750414dd 2 bytes JMP 76218822 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17    00000000750414f5 2 bytes JMP 762189f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17           000000007504150d 2 bytes JMP 76218718 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17    0000000075041525 2 bytes JMP 76218ae2 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17          000000007504153d 2 bytes JMP 7618fca8 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17               0000000075041555 2 bytes JMP 761968ef C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17        000000007504156d 2 bytes JMP 76218fe3 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17          0000000075041585 2 bytes JMP 76218b42 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17             000000007504159d 2 bytes JMP 762186dc C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17          00000000750415b5 2 bytes JMP 7618fd41 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17        00000000750415cd 2 bytes JMP 7619b2dc C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20    00000000750416b2 2 bytes JMP 76218ea4 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1624]   C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31    00000000750416bd 2 bytes JMP 76218671 C:\Windows\syswow64\kernel32.dll

---- Files - GMER 2.1 ----

File    C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\gp8b70rw.default\cache2\entries\FE882D14CB2BE16446C58A5E32C5A779FD77DF2A    6415 bytes
File    C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\gp8b70rw.default\cache2\entries\C937D617B720894B0C389126B37601D924E7C63A    0 bytes
File    C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\gp8b70rw.default\cache2\entries\742D75A1D644246930740F9FB08ECB8AFBD02110    0 bytes
File    C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\gp8b70rw.default\cache2\entries\5A57737FC34CC190EF4626ACC27AC2BDCDF975E6    0 bytes
File    C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\gp8b70rw.default\cache2\entries\C99E328E908826AB3C4CE129B207BF65A052D756    4433 bytes
File    C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\gp8b70rw.default\cache2\entries\F3A702D13546386E9052980B46B9A8B199340253    3602 bytes
File    C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\gp8b70rw.default\cache2\entries\15B02BD6453EDB75D78B7C5BA0A461DB2DF2CB3C    20348 bytes
File    C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\gp8b70rw.default\cache2\entries\F01614940E365E11EF090A709CED5374F4D2B4DD    3928 bytes

---- EOF - GMER 2.1 ----
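Added example (not part of the GMER log above, and not GMER's own code): a small Python parser for the `User code sections` and `Files` blocks in the format GMER 2.1 prints, so a log like this one can be triaged as data rather than read entry by entry. The sample input is an excerpt copied verbatim from the log above; GMER's `.text ... * 9` line is its own collapsed-entries marker and is counted rather than expanded. The "trusted prefix" triage rule (hooks whose JMP/CALL target module lies outside `C:\Windows\System32` or `C:\Windows\SysWOW64` are flagged) is this example's assumption, not something the log states: an unflagged hook is merely one that lands in a Windows system DLL, which is the normal shape of a WOW64 forwarding stub but says nothing about what loaded the hooking code.

```python
"""Parse the 'User code sections' and 'Files' blocks of a GMER 2.1 log (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample input: lines copied verbatim from the GMER log above.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[1624]  C:\Windows\SysWOW64\WSOCK32.dll!recv + 82  0000000072bc17fa 2 bytes CALL 761711a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1624]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98  0000000072bc1942 2 bytes JMP 75477089 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1624]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075041419 2 bytes JMP 7619b346 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1624]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000750416bd 2 bytes JMP 76218671 C:\Windows\syswow64\kernel32.dll

---- Files - GMER 2.1 ----

File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\gp8b70rw.default\cache2\entries\FE882D14CB2BE16446C58A5E32C5A779FD77DF2A  6415 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\gp8b70rw.default\cache2\entries\C937D617B720894B0C389126B37601D924E7C63A  0 bytes

---- EOF - GMER 2.1 ----
"""

# One inline hook: .text <process>[pid] <module>!<export> + <off> <addr> <n> bytes <JMP|CALL> <target> <target module>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>\S+?\[\d+\])\s+"
    r"(?P<module>\S+?)!(?P<export>\S+)\s+\+\s+(?P<offset>\d+)\s+"
    r"(?P<address>[0-9a-f]+)\s+(?P<size>\d+) bytes\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9a-f]+)\s+(?P<target_module>\S+)\s*$",
    re.IGNORECASE,
)
# GMER collapses runs of similar entries into ".text ... * N".
ELIDED_RE = re.compile(r"^\.text\s+\.\.\.\s+\*\s+(?P<count>\d+)\s*$")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes\s*$")


@dataclass
class Hook:
    process: str
    module: str
    export: str
    offset: int
    address: int
    size: int
    kind: str
    target: int
    target_module: str


@dataclass
class FileEntry:
    path: str
    size: int


def parse_gmer(text: str) -> Tuple[List[Hook], List[FileEntry], int]:
    """Return (hooks, files, number of entries GMER collapsed into '... * N' lines)."""
    hooks: List[Hook] = []
    files: List[FileEntry] = []
    elided = 0
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HOOK_RE.match(line)):
            hooks.append(Hook(
                process=m["process"], module=m["module"], export=m["export"],
                offset=int(m["offset"]), address=int(m["address"], 16),
                size=int(m["size"]), kind=m["kind"].upper(),
                target=int(m["target"], 16), target_module=m["target_module"]))
        elif (m := ELIDED_RE.match(line)):
            elided += int(m["count"])
        elif (m := FILE_RE.match(line)):
            files.append(FileEntry(path=m["path"], size=int(m["size"])))
    return hooks, files, elided


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def hook_summary(hooks: List[Hook]) -> Counter:
    """Count hooks per (process, hooked DLL, DLL the hook jumps/calls into)."""
    return Counter((h.process, basename(h.module), basename(h.target_module)) for h in hooks)


# Assumed triage rule (this example's own, not GMER's): a hook whose target module
# sits outside the Windows system directories deserves a closer look.
TRUSTED_PREFIXES = (r"c:\windows\system32", r"c:\windows\syswow64")


def suspicious_hooks(hooks: List[Hook]) -> List[Hook]:
    return [h for h in hooks if not h.target_module.lower().startswith(TRUSTED_PREFIXES)]


def zero_length_files(files: List[FileEntry]) -> List[FileEntry]:
    """Cache entries GMER listed with a size of 0 bytes."""
    return [f for f in files if f.size == 0]


if __name__ == "__main__":
    hooks, files, elided = parse_gmer(SAMPLE_LOG)
    print(f"{len(hooks)} hooks parsed, {elided} collapsed by GMER, {len(files)} files")
    for key, n in hook_summary(hooks).items():
        print(f"  {n}x {key[1]} -> {key[2]} in {key[0]}")
    print("flagged:", [(h.export, h.target_module) for h in suspicious_hooks(hooks)])
```

Running it over the full log above gives the same picture as the excerpt: every hook sits in the one process `PnkBstrA.exe[1624]`, in `WSOCK32.dll` or `PSAPI.DLL`, and every JMP/CALL target is in `C:\Windows\syswow64`, so the assumed rule flags nothing. Treat that as "nothing outside the system directories", not as a clean bill of health; the `Driver:` line and the loaded-module list of the hooked process are the next things to check.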