GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-18 10:28:07
Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\0000002c TOSHIBA_MQ01ABD075 rev.AX0A4M 698.64GB
Running: jjvqgcqk.exe; Driver: C:\Users\Bowplus\AppData\Local\Temp\fwddqpow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\ntoskrnl.exe!NtCallbackReturn + 960 fffff8024cdcbf00 4 bytes [40, 01, A8, FF]
.text C:\Windows\system32\ntoskrnl.exe!NtCallbackReturn + 965 fffff8024cdcbf05 87 bytes [C4, 66, 03, C0, 88, B4, 04, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\Explorer.EXE[396] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 714 00007ffab7ae154a 4 bytes [AE, B7, FA, 7F]
.text C:\Windows\Explorer.EXE[396] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 722 00007ffab7ae1552 4 bytes [AE, B7, FA, 7F]
.text C:\Windows\Explorer.EXE[396] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 98 00007ffab7ae162a 4 bytes [AE, B7, FA, 7F]
.text C:\Windows\Explorer.EXE[396] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 122 00007ffab7ae1642 4 bytes [AE, B7, FA, 7F]
.text C:\Windows\Explorer.EXE[396] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabcc8169a 4 bytes [C8, BC, FA, 7F]
.text C:\Windows\Explorer.EXE[396] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabcc816a2 4 bytes [C8, BC, FA, 7F]
.text C:\Windows\Explorer.EXE[396] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabcc8181a 4 bytes [C8, BC, FA, 7F]
.text C:\Windows\Explorer.EXE[396] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabcc81832 4 bytes [C8, BC, FA, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffabdac1930 6 bytes [48, B8, 30, 08, 30, 02]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00007ffabdac1938 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1 00007ffabb38d48d 5 bytes [B8, 30, 08, 77, 02]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 7 00007ffabb38d493 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabcc8169a 4 bytes [C8, BC, FA, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabcc816a2 4 bytes [C8, BC, FA, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabcc8181a 4 bytes [C8, BC, FA, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[980] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabcc81832 4 bytes [C8, BC, FA, 7F]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [484:496] fffff960009a8b90
Thread [1432:1440] 00007ffab3d69420
Thread [1432:1444] 00007ffabda647e0
Thread [1432:1452] 00007ffabc9f0310
Thread [1432:1464] 00007ffab75431a0
Thread [1432:1528] 00007ffab3776730
Thread [1432:1532] 0000000180014020
Thread [1432:1536] 0000000180014020
Thread [1432:1540] 00000001800139c0
Thread [1432:1544] 0000000180010b90
Thread [1432:1548] 00007ffab394daf0
Thread [1432:1552] 00007ffab394db00
Thread [1432:1556] 00007ffab394db00
Thread [1432:1560] 00007ffab394db00
Thread [1432:1564] 00007ffab394db00
Thread [1432:1568] 00007ffab394db40
Thread [1432:1800] 00007ffab3571c80
Thread [1432:1804] 00007ffabc9f0310
Thread [1432:1808] 00007ffab0e18320
Thread [1432:1356] 00007ffabda647e0
Thread [1432:1428] 00007ffab7554420
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----