GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-24 17:13:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: b44m449j.exe; Driver: C:\Users\RAFA~1\AppData\Local\Temp\pgddqpoc.sys

---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable  fffff96000123b00 7 bytes [C0, 9F, F3, FF, 01, AB, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8  fffff96000123b08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077a71465 2 bytes [A7, 77]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077a714bb 2 bytes [A7, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077a71465 2 bytes [A7, 77]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077a714bb 2 bytes [A7, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077a71465 2 bytes [A7, 77]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077a714bb 2 bytes [A7, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077a71465 2 bytes [A7, 77]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077a714bb 2 bytes [A7, 77]
.text  ...  * 2
.text  C:\Program Files\Internet Explorer\iexplore.exe[2304] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect  000007fefe9b4ed0 9 bytes [68, 78, 03, 26, 03, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[2304] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW  000007fefb285c54 7 bytes [68, 08, 03, 26, 03, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[2304] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet  000007fefb285c64 9 bytes [68, 40, 03, 26, 03, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[2304] C:\Windows\system32\comdlg32.dll!PageSetupDlgW  000007fefeae17a0 9 bytes [68, B0, 03, 26, 03, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A  00000000778df548 7 bytes JMP 0000000100260570
.text  C:\Program Files\Internet Explorer\iexplore.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W  00000000778eb0ac 7 bytes JMP 00000001002605a8
.text  C:\Program Files\Internet Explorer\iexplore.exe[4396] C:\Windows\system32\kernel32.dll!CreateThread  00000000775a6580 9 bytes JMP 00000001002604c8
.text  C:\Program Files\Internet Explorer\iexplore.exe[4396] C:\Windows\system32\ole32.dll!OleLoadFromStream  000007fefd2c75f0 7 bytes [68, E0, 05, 26, 00, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4396] C:\Windows\system32\OLEAUT32.dll!VariantClear  000007fefe951180 10 bytes [68, C0, 06, 26, 00, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4396] C:\Windows\system32\OLEAUT32.dll!SysFreeString  000007fefe951320 7 bytes [68, 50, 06, 26, 00, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4396] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen  000007fefe954450 6 bytes [68, 18, 06, 26, 00, C3]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4396] C:\Windows\system32\OLEAUT32.dll!VariantChangeType  000007fefe956720 10 bytes [68, 88, 06, 26, 00, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4396] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect  000007fefe9b4ed0 9 bytes [68, 78, 03, 26, 00, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4396] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW  000007fefb285c54 7 bytes [68, 08, 03, 26, 00, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4396] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet  000007fefb285c64 9 bytes [68, 40, 03, 26, 00, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4396] C:\Windows\system32\comdlg32.dll!PageSetupDlgW  000007fefeae17a0 9 bytes [68, B0, 03, 26, 00, C3, CC, ...]

---- EOF - GMER 2.1 ----