GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-05-02 22:23:27
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000022 ST500LT012-1DG142 rev.0001SDM1 465,76GB
Running: 4xjgv076.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\pxddipod.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1476] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                              00007ffe8c15169a 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1476] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                              00007ffe8c1516a2 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1476] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                 00007ffe8c15181a 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1476] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                 00007ffe8c151832 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe[1636] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                           00007ffe8c15169a 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe[1636] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                           00007ffe8c1516a2 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe[1636] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                              00007ffe8c15181a 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe[1636] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                              00007ffe8c151832 4 bytes [15, 8C, FE, 7F]
.text    C:\Windows\system32\mfevtps.exe[1712] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506                                                                                                                  00007ffe8c15169a 4 bytes [15, 8C, FE, 7F]
.text    C:\Windows\system32\mfevtps.exe[1712] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514                                                                                                                  00007ffe8c1516a2 4 bytes [15, 8C, FE, 7F]
.text    C:\Windows\system32\mfevtps.exe[1712] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118                                                                                                                     00007ffe8c15181a 4 bytes [15, 8C, FE, 7F]
.text    C:\Windows\system32\mfevtps.exe[1712] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142                                                                                                                     00007ffe8c151832 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[1908] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                         00007ffe8c15169a 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[1908] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                         00007ffe8c1516a2 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[1908] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                            00007ffe8c15181a 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[1908] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                            00007ffe8c151832 4 bytes [15, 8C, FE, 7F]
.text    C:\Windows\Explorer.EXE[2328] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                          00007ffe8c15169a 4 bytes [15, 8C, FE, 7F]
.text    C:\Windows\Explorer.EXE[2328] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                          00007ffe8c1516a2 4 bytes [15, 8C, FE, 7F]
.text    C:\Windows\Explorer.EXE[2328] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                             00007ffe8c15181a 4 bytes [15, 8C, FE, 7F]
.text    C:\Windows\Explorer.EXE[2328] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                             00007ffe8c151832 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4024] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506                                                                                    00007ffe8c15169a 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4024] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514                                                                                    00007ffe8c1516a2 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4024] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118                                                                                       00007ffe8c15181a 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4024] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142                                                                                       00007ffe8c151832 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[4228] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                        00007ffe8c15169a 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[4228] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                        00007ffe8c1516a2 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[4228] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                           00007ffe8c15181a 4 bytes [15, 8C, FE, 7F]
.text    C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[4228] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                           00007ffe8c151832 4 bytes [15, 8C, FE, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [616:640]                                                                                                                                                                       fffff9600094ab90

---- Processes - GMER 2.1 ----

Process  C:\ProgramData\DatacardService\HWDeviceService64.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\HWDeviceService64.exe [1544](2010-11-16 13:38:16)                                                  00007ff733e20000
Process  C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [2352] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2010-11-16 13:37:30)  0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                         unknown MBR code

---- EOF - GMER 2.1 ----
