GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-22 13:10:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB
Running: hleiqtcu.exe; Driver: C:\Users\Bugis\AppData\Local\Temp\kwddrkob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ff3000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff80002ff3011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1204] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075df1465 2 bytes [DF, 75]
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1204] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075df14bb 2 bytes [DF, 75]
.text ... * 2
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2080] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075748769 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2080] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075df1465 2 bytes [DF, 75]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2080] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075df14bb 2 bytes [DF, 75]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000070d31a22 2 bytes [D3, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000070d31ad0 2 bytes [D3, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000070d31b08 2 bytes [D3, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000070d31bba 2 bytes [D3, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000070d31bda 2 bytes [D3, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075df1465 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075df14bb 2 bytes [DF, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [1560:688] 000007fee31f9688
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3412:3176] 000007fefb1f2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3412:3188] 000007fee2284830

---- EOF - GMER 2.1 ----