GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-23 09:11:25
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d ADATA_SP920SS rev.MU01 119,24GB
Running: yjo756p2.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\pxldapow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001e6400 15 bytes [00, 58, F1, 01, C0, 46, 6B, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff960001e6410 11 bytes [00, C5, FB, FF, C0, 46, CA, ...]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!memcpy] [362d414242392d37]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!memcmp] [3545374438443237]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!??3@YAXPEAX@Z] [90a0d277d353942]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!__CxxFrameHandler3] [6f69737265560909]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!??2@YAPEAX_K@Z] [31272073203d206e]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_onexit] [7d09090a0d27302e]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!memcpy_s] [d7d0a0d7d090a0d]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_ultow_s] [a]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!memmove_s] [1000000028]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!realloc] [20000100000010]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_wcsnicmp] [40200000000]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!??_U@YAPEAX_K@Z] [b1200000b12]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!wcschr] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!iswdigit] [e1e9f100ffffff]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!iswalpha] [b6c1ad00b6c9c9]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!towupper] [cfbea800c2b7a8]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!__dllonexit] [e4e0a900dad4b0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_unlock] [c9d7c200dfdcae]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_lock] [9ac2d700b3d0ce]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_initterm] [ffffff00e8ecf0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!malloc] [8fb37500dee8f0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!free] [d1913100b1ba3a]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_amsg_exit] [afbb6d00c98459]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_XcptFilter] [3d9ead0086b77f]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_purecall] [3798cd002b91b4]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_vsnwprintf] [1e87cd003295d2]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!??_V@YAXPEAX@Z] [63ba000071c3]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!memset] [e4eaef004085bd]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNELBASE.dll!Sleep] [14900037408]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[USER32.dll!MsgWaitForMultipleObjectsEx] [90909090a0d7b09]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[USER32.dll!PeekMessageW] [756f72676b636142]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[USER32.dll!TranslateMessage] [90909090a0d646e]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[USER32.dll!DispatchMessageW] [9090909090a0d7b]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[USER32.dll!PostThreadMessageW] [d78656c6c656873]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[SHLWAPI.dll!SHSetThreadRef] [a0d7b090a0d4552]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[SHLWAPI.dll!SHGetThreadRef] [657373616c430909]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[SHLWAPI.dll!SHCreateThreadRef] [a0d7b09090a0d73]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[SHLWAPI.dll!SHStrDupW] [6365726944090909]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[SHELL32.dll!SHGetKnownFolderPath] [d7b0a0d4d4c4b48]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[ntdll.dll!RtlCaptureContext] [f3b93f00eaca41]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[ntdll.dll!RtlLookupFunctionEntry] [29a2d300a7b48c]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[ntdll.dll!RtlVirtualUnwind] [1f97e200008bd8]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[ntdll.dll!RtlWaitOnAddress] [50a6e00069b8eb]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[ntdll.dll!RtlWakeAddressAll] [61abdf004da2dc]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrStubCall3] [4d800037988]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_Disconnect] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_IsIIDSupported] [6e800037e60]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_Invoke] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_Connect] [c2800038548]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrCStdStubBuffer_Release] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrDllCanUnloadNow] [2ce00039170]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrCStdStubBuffer2_Release] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!I_RpcOpenClientProcess] [4d800039440]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!IUnknown_AddRef_Proxy] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_QueryInterface] [300003a330]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrDllGetClassObject] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_AddRef] [3b000039f80]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!IUnknown_QueryInterface_Proxy] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrOleFree] [2240003a360]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrStubForwardingFunction] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrOleAllocate] [47004500520008]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_CountRefs] [52005400530049]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!IUnknown_Release_Proxy] [59005400070059]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_DebugServerQueryInterface] [49004c00450050]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_DebugServerRelease] [42]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[ole32.dll!PropVariantClear] [649f9200bdb182]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!HeapFree] [8000007800000002]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!WaitForSingleObject] [800000b800000006]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!SetEvent] [800000d000000010]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetTickCount] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetProcessHeap] [2000000000000]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!DuplicateHandle] [8000010000000065]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RegCreateKeyExW] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetComputerNameW] [80000148000000c9]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!ReleaseMutex] [80000160000000ca]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CreateMutexExW] [80000178000000cb]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!SetLastError] [80000190000000cc]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!LoadLibraryW] [800001a8000000cd]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!SetErrorMode] [800001c0000000cf]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetModuleHandleExA] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RegOpenKeyExW] [1000000000000]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetProcessId] [800001d800000007]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CheckTokenCapability] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetCurrentThread] [1000000000000]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!MultiByteToWideChar] [800001f000000001]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!ResetEvent] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CreateEventW] [1000000000000]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CompareStringOrdinal] [8000020800000002]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RegDeleteValueW] [1000000000000]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RegGetValueW] [22000000409]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RegCloseKey] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RegSetValueExW] [23000000409]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetTickCount64] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!VirtualProtect] [25000000409]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!LoadLibraryExA] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetSystemInfo] [1000000000000]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!LocalAlloc] [26000000409]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetProcAddress] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RaiseException] [1000000000000]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetModuleHandleW] [27000000409]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!VirtualQuery] [1000000000000]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [28000000409]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!UnhandledExceptionFilter] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [1000000000000]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!QueryPerformanceCounter] [29000000409]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CloseHandle] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!TrySubmitThreadpoolCallback] [1000000000000]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!OpenSemaphoreW] [2a000000409]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CallbackMayRunLong] [1000000000000]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CreateThreadpoolTimer] [2b000000409]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CreateEventExW] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CreateSemaphoreW] [0]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetLastError] [2d000000409]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!ReleaseSemaphore] [f700037310]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[WS2_32.dll!InetPtonW] [4d43544478666769]
IAT C:\Windows\Explorer.EXE[5820] @ C:\Windows\System32\PlayToDevice.dll[WS2_32.dll!InetNtopW] [397b272073203d20]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [4404:6076] fffff960008f62d0
Thread C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [1940:3132] 00007fff0ab81000
Thread C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [1940:4592] 00007fff1d4852f0
Thread C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [1940:652] 00007fff1d7419b0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -459998644
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\605718db354d
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 930

---- EOF - GMER 2.1 ----