GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-17 12:01:11 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD10EZEX-00KUWA0 rev.15.01H15 931,51GB Running: nsu2ij30.exe; Driver: C:\Users\admin\AppData\Local\Temp\uwddakob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\services.exe[680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[956] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Windows\System32\svchost.exe[400] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\System32\svchost.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1060] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1316] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\Explorer.EXE[1604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1368] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2656] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[2676] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c31465 2 bytes [C3, 74] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c314bb 2 bytes [C3, 74] .text ... * 2 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[2708] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c31465 2 bytes [C3, 74] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c314bb 2 bytes [C3, 74] .text ... * 2 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2764] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2824] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[2856] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2980] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074811a22 2 bytes [81, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074811ad0 2 bytes [81, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074811b08 2 bytes [81, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074811bba 2 bytes [81, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074811bda 2 bytes [81, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c31465 2 bytes [C3, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c314bb 2 bytes [C3, 74] .text ... * 2 .text C:\Windows\system32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\conhost.exe[3180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3440] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000768087c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3440] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c31465 2 bytes [C3, 74] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c314bb 2 bytes [C3, 74] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[3932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1568] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2820] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4448] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c31465 2 bytes [C3, 74] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c314bb 2 bytes [C3, 74] .text ... * 2 .text C:\Users\admin\Downloads\nsu2ij30.exe[1428] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Users\admin\Downloads\nsu2ij30.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c31465 2 bytes [C3, 74] .text C:\Users\admin\Downloads\nsu2ij30.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c314bb 2 bytes [C3, 74] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3672:4252] 000007fefb592ab8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3672:4740] 000007fef1a75124 ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000 0 bytes File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000\r197 0 bytes File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000\r197\Minecraft Launcher.e_{73e0cd04-9724-11e3-83cd-d43d7ee3ae4c} 0 bytes File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000\r197\Minecraft Launcher.e_{73e0cd04-9724-11e3-83cd-d43d7ee3ae4c}\C 0 bytes File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000\r197\Minecraft Launcher.e_{73e0cd04-9724-11e3-83cd-d43d7ee3ae4c}\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000\r197\Minecraft Launcher.e_{73e0cd04-9724-11e3-83cd-d43d7ee3ae4c}\C\Users\admin 0 bytes File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000\r197\Minecraft Launcher.e_{73e0cd04-9724-11e3-83cd-d43d7ee3ae4c}\C\Users\admin\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000\r197\Minecraft Launcher.e_{73e0cd04-9724-11e3-83cd-d43d7ee3ae4c}\C\Users\admin\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000\r197\Minecraft Launcher.e_{73e0cd04-9724-11e3-83cd-d43d7ee3ae4c}\C\Users\admin\AppData\Roaming\.minecraft 0 bytes File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000\r197\Minecraft Launcher.e_{73e0cd04-9724-11e3-83cd-d43d7ee3ae4c}\C\Users\admin\AppData\Roaming\.minecraft\launcher_profiles.json 310 bytes File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000\r197\Minecraft Launcher.e_{73e0cd04-9724-11e3-83cd-d43d7ee3ae4c}\C\Users\admin\AppData\Roaming\.minecraft\minecraft launcher 0 bytes File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000\r197\Minecraft Launcher.e_{73e0cd04-9724-11e3-83cd-d43d7ee3ae4c}\C\Users\admin\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe 1109677 bytes executable File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000\r197\Minecraft Launcher.e_{73e0cd04-9724-11e3-83cd-d43d7ee3ae4c}\C\Users\admin\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Update News.htm 16360 bytes File C:\avast! sandbox\S-1-5-21-749034205-2315866158-2849202167-1000\r197\Minecraft Launcher.e_{73e0cd04-9724-11e3-83cd-d43d7ee3ae4c}\C\Users\admin\AppData\Roaming\.minecraft\minecraft launcher\options.json 73 bytes ---- EOF - GMER 2.1 ----