GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-12 12:52:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000066 Intel___ rev.1.0. 1863,01GB
Running: oe16o1xu.exe; Driver: C:\Users\SIEDLE~1\AppData\Local\Temp\afxdraog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800033ff000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 598 fffff800033ff036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073ba1a22 2 bytes [BA, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073ba1ad0 2 bytes [BA, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073ba1b08 2 bytes [BA, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073ba1bba 2 bytes [BA, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073ba1bda 2 bytes [BA, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751c1465 2 bytes [1C, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751c14bb 2 bytes [1C, 75]
.text ... * 2
.text C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751c1465 2 bytes [1C, 75]
.text C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751c14bb 2 bytes [1C, 75]
.text ... * 2
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3872] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076e487b1 5 bytes [33, C0, C2, 04, 00]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751c1465 2 bytes [1C, 75]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751c14bb 2 bytes [1C, 75]
.text ... * 2
.text C:\ProgramData\Razer\SwitchBlade\RzSBHelper.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751c1465 2 bytes [1C, 75]
.text C:\ProgramData\Razer\SwitchBlade\RzSBHelper.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751c14bb 2 bytes [1C, 75]
.text ... * 2
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751c1465 2 bytes [1C, 75]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751c14bb 2 bytes [1C, 75]
.text ... * 2
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751c1465 2 bytes [1C, 75]
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751c14bb 2 bytes [1C, 75]
.text ... * 2
.text C:\Program Files (x86)\Razer\SwitchBlade\RzAppManager.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751c1465 2 bytes [1C, 75]
.text C:\Program Files (x86)\Razer\SwitchBlade\RzAppManager.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751c14bb 2 bytes [1C, 75]
.text ... * 2
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751c1465 2 bytes [1C, 75]
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751c14bb 2 bytes [1C, 75]
.text ... * 2
.text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[6820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751c1465 2 bytes [1C, 75]
.text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[6820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751c14bb 2 bytes [1C, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe[6188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751c1465 2 bytes [1C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe[6188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751c14bb 2 bytes [1C, 75]
.text ... * 2
.text C:\Program Files (x86)\Steam\Steam.exe[5448] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 000000007546549c 5 bytes JMP 0000000100080800
.text C:\Program Files (x86)\Steam\Steam.exe[5448] C:\Program Files (x86)\Steam\bin\avformat-53.dll!ff_mp4_read_dec_config_descr + 369 0000000050a95ce1 3 bytes [D4, 37, BE]
.text C:\Program Files (x86)\Steam\Steam.exe[5448] C:\Program Files (x86)\Steam\bin\avformat-53.dll!ff_mov_write_chan + 516 0000000050a96024 3 bytes [20, 8C, AE]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5620] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 000000007546549c 5 bytes JMP 00000001001c0800
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5620] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000751c1465 2 bytes [1C, 75]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5620] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000751c14bb 2 bytes [1C, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3912:5376] 000007fefaee2a7c

---- EOF - GMER 2.1 ----