GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-05 16:07:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-2 WDC_WD10EZEX-00BN5A0 rev.01.01A01 931,51GB
Running: k64sun3u.exe; Driver: C:\Users\Dom\AppData\Local\Temp\uxriqpow.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17  0000000075c61401 2 bytes JMP 75e8b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17  0000000075c61419 2 bytes JMP 75e8b35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17  0000000075c61431 2 bytes JMP 75f09011 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42  0000000075c6144a 2 bytes CALL 75e648ad C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17  0000000075c614dd 2 bytes JMP 75f0890a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17  0000000075c614f5 2 bytes JMP 75f08ae0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17  0000000075c6150d 2 bytes JMP 75f08800 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17  0000000075c61525 2 bytes JMP 75f08bca C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17  0000000075c6153d 2 bytes JMP 75e7fcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17  0000000075c61555 2 bytes JMP 75e86907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17  0000000075c6156d 2 bytes JMP 75f090c9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17  0000000075c61585 2 bytes JMP 75f08c2a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17  0000000075c6159d 2 bytes JMP 75f087c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17  0000000075c615b5 2 bytes JMP 75e7fd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17  0000000075c615cd 2 bytes JMP 75e8b2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20  0000000075c616b2 2 bytes JMP 75f08f8c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1372] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31  0000000075c616bd 2 bytes JMP 75f08759 C:\Windows\syswow64\kernel32.dll

---- Processes - GMER 2.1 ----

Library  C:\Users\Filip\AppData\Local\MEGAsync\ShellExtX64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2116](2014-05-01 14:13:20)  000007fef4850000

---- EOF - GMER 2.1 ----