GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-23 14:09:26 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.CC35 465,76GB Running: epu8e1dw.exe; Driver: C:\Users\Sykwek\AppData\Local\Temp\pflyypob.sys ---- User code sections - GMER 2.2 ---- .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077061465 2 bytes [06, 77] .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770614bb 2 bytes [06, 77] .text ... * 2 .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077061465 2 bytes [06, 77] .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770614bb 2 bytes [06, 77] .text ... * 2 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef48a741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef48a5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef48a5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef48a5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef48a7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef48a6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef48a6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef48a7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef48a7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef48a78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef48a4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef48a5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef48a7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8C66245A-F67D-4A20-B78F-C9B53AB8BAC1}@LeaseObtainedTime 1477218955 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8C66245A-F67D-4A20-B78F-C9B53AB8BAC1}@T1 1477222555 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8C66245A-F67D-4A20-B78F-C9B53AB8BAC1}@T2 1477225255 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8C66245A-F67D-4A20-B78F-C9B53AB8BAC1}@LeaseTerminatesTime 1477226155 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Sykwek\Desktop\Far Cry Primal\xae Crack By GAME$ WORLD\Crack Installer.exe 1 ---- EOF - GMER 2.2 ----