GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-09-20 18:49:06 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC65 465,76GB Running: zj1np13v.exe; Driver: C:\Users\L\AppData\Local\Temp\pwtirkow.sys ---- Kernel code sections - GMER 2.2 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033a6000 13 bytes [D2, 48, 8B, CB, E8, DF, C2, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff800033a600e 3 bytes [00, 00, 00] ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2672] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760b1465 2 bytes [0B, 76] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2672] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760b14bb 2 bytes [0B, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4232] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760b1465 2 bytes [0B, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4232] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760b14bb 2 bytes [0B, 76] .text ... * 2 ---- Files - GMER 2.2 ---- File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_1 0 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_1\21091_depotcache_1.csd 1056848453 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_1\21091_depotcache_1.csm 40340 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_1\21091_depotcache_2.csd 1065701820 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_1\21091_depotcache_2.csm 84944 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_1\21091_depotcache_3.csd 1058808144 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_1\21091_depotcache_3.csm 64208 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_1\21091_depotcache_4.csd 1056311649 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_1\21091_depotcache_4.csm 43436 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_1\21091_depotcache_5.csd 377276932 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_1\21091_depotcache_5.csm 26732 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_1\sku.sis 430 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_2 0 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_2\21091_depotcache_6.csd 1065524889 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_2\21091_depotcache_6.csm 95456 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_2\21091_depotcache_7.csd 1060778997 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_2\21091_depotcache_7.csm 83972 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_2\21091_depotcache_8.csd 1056646639 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_2\21091_depotcache_8.csm 36848 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_2\21091_depotcache_9.csd 180984442 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_2\21091_depotcache_9.csm 6536 bytes File C:\Program Files (x86)\Steam\Backups\F.E.A.R.\Disk_2\sku.sis 430 bytes ---- EOF - GMER 2.2 ----