GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-05-10 16:04:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1CH162 rev.CC47 931,51GB
Running: gmer.exe; Driver: C:\Users\WERSYL~1\AppData\Local\Temp\axrdqpow.sys


---- User code sections - GMER 2.2 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                       00000000717617fa 2 bytes CALL 75fb11a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                   0000000071761860 2 bytes CALL 75fb11a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                 0000000071761942 2 bytes JMP 76ab7089 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                000000007176194d 2 bytes JMP 76abcba6 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17         0000000075d81401 2 bytes JMP 75fdb233 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17           0000000075d81419 2 bytes JMP 75fdb35e C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17         0000000075d81431 2 bytes JMP 76059011 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42         0000000075d8144a 2 bytes CALL 75fb48ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                      * 9
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17            0000000075d814dd 2 bytes JMP 7605890a C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17     0000000075d814f5 2 bytes JMP 76058ae0 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17            0000000075d8150d 2 bytes JMP 76058800 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17     0000000075d81525 2 bytes JMP 76058bca C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17           0000000075d8153d 2 bytes JMP 75fcfcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                0000000075d81555 2 bytes JMP 75fd6907 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17         0000000075d8156d 2 bytes JMP 760590c9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17           0000000075d81585 2 bytes JMP 76058c2a C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17              0000000075d8159d 2 bytes JMP 760587c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17           0000000075d815b5 2 bytes JMP 75fcfd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17         0000000075d815cd 2 bytes JMP 75fdb2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20     0000000075d816b2 2 bytes JMP 76058f8c C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2592]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31     0000000075d816bd 2 bytes JMP 76058759 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17         0000000075d81401 2 bytes JMP 75fdb233 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17           0000000075d81419 2 bytes JMP 75fdb35e C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17         0000000075d81431 2 bytes JMP 76059011 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42         0000000075d8144a 2 bytes CALL 75fb48ad C:\Windows\syswow64\KERNEL32.dll
.text  ...                                                                                                                                            * 9
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17            0000000075d814dd 2 bytes JMP 7605890a C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17     0000000075d814f5 2 bytes JMP 76058ae0 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17            0000000075d8150d 2 bytes JMP 76058800 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17     0000000075d81525 2 bytes JMP 76058bca C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17           0000000075d8153d 2 bytes JMP 75fcfcc0 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                0000000075d81555 2 bytes JMP 75fd6907 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17         0000000075d8156d 2 bytes JMP 760590c9 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17           0000000075d81585 2 bytes JMP 76058c2a C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17              0000000075d8159d 2 bytes JMP 760587c4 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17           0000000075d815b5 2 bytes JMP 75fcfd59 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17         0000000075d815cd 2 bytes JMP 75fdb2f4 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20     0000000075d816b2 2 bytes JMP 76058f8c C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2664]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31     0000000075d816bd 2 bytes JMP 76058759 C:\Windows\syswow64\KERNEL32.dll

---- Threads - GMER 2.2 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3956:3832]  000007fefb1d2af8

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- Files - GMER 2.2 ----

File  C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-2b244b16.exe (size mismatch)  7471104/0 bytes executable

---- EOF - GMER 2.2 ----