GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-07-19 18:08:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP4T0L0-6 ST31500341AS rev.CC1H 1397,26GB
Running: 1h17bh58.exe; Driver: C:\Users\RAF\AppData\Local\Temp\pwddqpoc.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2028] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075bc1465 2 bytes [BC, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2028] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075bc14bb 2 bytes [BC, 75]
.text ... * 2
.text M:\ProgramFilesR\AutoDesk3DSMax2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe[1152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bc1465 2 bytes [BC, 75]
.text M:\ProgramFilesR\AutoDesk3DSMax2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe[1152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bc14bb 2 bytes [BC, 75]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2060] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074e01a22 2 bytes [E0, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2060] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074e01ad0 2 bytes [E0, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2060] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074e01b08 2 bytes [E0, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2060] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074e01bba 2 bytes [E0, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2060] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074e01bda 2 bytes [E0, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bc1465 2 bytes [BC, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bc14bb 2 bytes [BC, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bc1465 2 bytes [BC, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bc14bb 2 bytes [BC, 75]
.text ... * 2
.text C:\Program Files\AVAST Software\Avast\avastui.exe[4448] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075ac87c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bc1465 2 bytes [BC, 75]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bc14bb 2 bytes [BC, 75]
.text ... * 2
.text C:\ProgramFilesL\totalcmd\TOTALCMD.EXE[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bc1465 2 bytes [BC, 75]
.text C:\ProgramFilesL\totalcmd\TOTALCMD.EXE[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bc14bb 2 bytes [BC, 75]
.text ... * 2

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef8b5741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef8b55f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef8b55674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef8b55e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef8b57f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef8b56a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef8b56ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef8b57b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef8b57ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef8b578b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef8b54fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef8b55d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef8b57584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk3\DR3 unknown MBR code

---- EOF - GMER 2.2 ----