Hi there!
I just ran GMER and I'm not sure if the output means I have a problem or not.
Some people here seem to be a bit more knowledgeable than me, so I thought I'd send it here and see if someone has a better idea than I do...
avast! is running so the IAT redirects look fine to me.
What concerns me is the GetBinaryTypeW redirects, and the C:\WINDOWS\System32\win32k.sys!W32pServiceTable modification.
Also, the Thread stuff is weird; I can't find a process number 6324...
Any idea?
I'm not really concerned about the "unknown MBR code", this computer has a Linux dual-boot and I'm not sure GMER knows about that stuff.
Thanks
###
Rootkit scan 2014-12-20 00:24:22
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 SAMSUNG_SSD_830_Series rev.CXM03B1Q 119,24GB
Running: opf01mh6.exe; Driver: C:\Users\B\AppData\Local\Temp\kwddipob.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000181e00 15 bytes [00, FA, 0E, 02, C0, 9C, 70, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000181e10 11 bytes [00, 00, FC, FF, 80, FA, C0, ...]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\services.exe[876] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\lsass.exe[884] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\winlogon.exe[956] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\svchost.exe[352] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\dwm.exe[572] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\svchost.exe[340] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\svchost.exe[1056] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\System32\svchost.exe[1124] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\svchost.exe[1336] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\svchost.exe[1792] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\Program Files\TOSHIBA\Teco\TecoService.exe[2276] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2800] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\svchost.exe[3428] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\taskhostex.exe[3720] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\Explorer.EXE[3856] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[3876] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe[2356] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\taskhost.exe[7104] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\DllHost.exe[7332] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[6896] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\cmd.exe[7732] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\conhost.exe[10084] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\Program Files\Windows Defender\MsMpEng.exe[6836] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\Program Files\Windows Defender\MsMpEng.exe[6836] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007fff35f4169a 4 bytes [F4, 35, FF, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[6836] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007fff35f416a2 4 bytes [F4, 35, FF, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[6836] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007fff35f4181a 4 bytes [F4, 35, FF, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[6836] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007fff35f41832 4 bytes [F4, 35, FF, 7F]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[9224] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[9224] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007fff35f4169a 4 bytes [F4, 35, FF, 7F]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[9224] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007fff35f416a2 4 bytes [F4, 35, FF, 7F]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[9224] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007fff35f4181a 4 bytes [F4, 35, FF, 7F]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[9224] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007fff35f41832 4 bytes [F4, 35, FF, 7F]
.text C:\WINDOWS\notepad.exe[8880] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\notepad.exe[6860] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\AUDIODG.EXE[5244] C:\WINDOWS\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExAllocatePoolWithTag] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoAcquireRemoveLockEx] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeQueryActiveProcessors] [fffff800014eff44] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoDeleteSymbolicLink] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExFreePoolWithTag] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoRegisterShutdownNotification] [fffff800014eff48] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlInitUnicodeString] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoDeleteDevice] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlAppendUnicodeToString] [fffff800014eff4c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeInitializeEvent] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeInitializeDpc] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeSetTimerEx] [fffff800014eff50] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoUnregisterShutdownNotification] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!InitSafeBootMode] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] [fffff800014eff54] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoIsWdmVersionAvailable] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExDeleteResourceLite] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoCreateSymbolicLink] [fffff800014eff58] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlCopyUnicodeString] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoInitializeRemoveLockEx] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExInitializeResourceLite] [fffff800014eff5c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeInitializeTimerEx] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeCancelTimer] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmUnmapLockedPages] [fffff800014eff60] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmFreeContiguousMemory] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmUnmapIoSpace] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] [fffff800014eff64] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmMapIoSpace] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmFreePagesFromMdl] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExAcquireResourceExclusiveLite] [fffff800014eff68] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeLeaveCriticalRegion] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoReleaseRemoveLockEx] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoFreeMdl] [fffff800014eff6c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeEnterCriticalRegion] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExAcquireResourceSharedLite] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExReleaseResourceLite] [fffff800014eff70] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IofCompleteRequest] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmProbeAndLockPages] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmUnlockPages] [fffff800014eff74] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoAllocateMdl] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlDeleteElementGenericTableAvl] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlInsertElementGenericTableAvl] [fffff800014eff78] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsLookupProcessByProcessId] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeUnstackDetachProcess] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlIsGenericTableEmptyAvl] [fffff800014eff7c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlInitializeGenericTableAvl] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlEnumerateGenericTableAvl] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ObfDereferenceObject] [fffff800014eff80] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlLookupElementGenericTableAvl] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeStackAttachProcess] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsGetProcessWin32Process] [fffff800014eff84] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoFreeWorkItem] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoGetCurrentProcess] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoAllocateWorkItem] [fffff800014eff88] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmIsAddressValid] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoQueueWorkItem] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExUnregisterCallback] [fffff800014eff8c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwCreateKey] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeResetEvent] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsSetLoadImageNotifyRoutine] [fffff800014eff90] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeSetPriorityThread] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeSetEvent] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlCheckRegistryKey] [fffff800014eff94] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsSetCreateProcessNotifyRoutine] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmAllocatePagesForMdl] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmGetPhysicalAddress] [fffff800014eff98] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsCreateSystemThread] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwQueryValueKey] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsTerminateSystemThread] [fffff800014eff9c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwClose] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ObReferenceObjectByHandle] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeWaitForSingleObject] [fffff800014effa0] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsRemoveLoadImageNotifyRoutine] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExRegisterCallback] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsThreadType] [fffff800014effa4] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlCompareUnicodeString] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeSetSystemAffinityThread] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeWaitForMultipleObjects] [fffff800014effa8] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmGetPhysicalMemoryRanges] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExCreateCallback] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmAllocateContiguousMemorySpecifyCache] [fffff800014effac] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!DbgPrint] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmFreeMappingAddress] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmAllocateMappingAddress] [fffff800014effb0] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ProbeForRead] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExGetPreviousMode] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmGetSystemRoutineAddress] [fffff800014effb4] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoCreateDevice] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ObOpenObjectByPointer] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwSetSecurityObject] [fffff800014effb8] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoDeviceObjectType] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!_snwprintf] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlLengthSecurityDescriptor] [fffff800014effbc] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!SeCaptureSecurityDescriptor] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlCreateSecurityDescriptor] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlSetDaclSecurityDescriptor] [fffff800014effc0] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlAbsoluteToSelfRelativeSD] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!SeExports] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!wcschr] [fffff800014effc4] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!_wcsnicmp] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlLengthSid] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlAddAccessAllowedAce] [fffff800014effc8] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlGetSaclSecurityDescriptor] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlGetDaclSecurityDescriptor] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlGetGroupSecurityDescriptor] [fffff800014effcc] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlGetOwnerSecurityDescriptor] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwOpenKey] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwSetValueKey] [fffff800014effd0] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlFreeUnicodeString] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeBugCheckEx] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwMapViewOfSection] [fffff800014effd4] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwUnmapViewOfSection] [?]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwCreateSection] [fffff800014ed95c] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwOpenFile] [fffff800014effd8] \SystemRoot\System32\Drivers\aswVmm.sys [.text]
IAT C:\WINDOWS\System32\Drivers\aswVmm.sys[ntoskrnl.exe!__C_specific_handler] [?]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [832:856] fffff960008834d0
Thread [6324:8952] 0000000077575658
Thread [6324:6048] 00000000742df28e
Thread [6324:9608] 0000000077575658
Thread [6324:9308] 0000000074fb78a0
Thread [6324:9356] 0000000073cd3da0
Thread [6324:9476] 0000000073d301a0
Thread [6324:9888] 0000000073a2ff70
Thread [6324:9376] 0000000073a2f640
Thread [6324:9620] 00000000742df28e
Thread [6324:9616] 00000000742df28e
Thread [6324:9820] 00000000742df28e
Thread [6324:9892] 00000000742df28e
Thread [6324:9428] 00000000742df28e
Thread [6324:9484] 00000000742df28e
Thread [6324:9392] 00000000742df28e
Thread [6324:9480] 00000000742df28e
Thread [6324:8548] 0000000073a22970
Thread [6324:7192] 0000000073a22970
Thread [6324:8220] 0000000073a22970
Thread [6324:4016] 0000000073a22970
Thread [6324:7040] 0000000073a22970
Thread [6324:7776] 0000000073a22970
Thread [6324:7288] 0000000073a22970
Thread [6324:4964] 0000000073a22970
Thread [6324:8208] 0000000073a22970
Thread [6324:6300] 0000000073a238b0
Thread [6324:4620] 0000000073a23020
Thread [6324:6876] 0000000073a6c2e0
Thread [6324:8444] 0000000073a6b0d0
Thread [6324:9140] 0000000073a6b550
Thread [6324:6764] 0000000073a25160
Thread [6324:8672] 0000000073a25160
Thread [6324:8404] 0000000073a25160
Thread [6324:5916] 0000000073a25160
Thread [6324:6564] 0000000073a25160
Thread [6324:3544] 0000000073a25160
Thread [6324:3816] 0000000073a25160
Thread [6324:7696] 0000000073a25160
Thread [6324:5072] 0000000073a25160
Thread [6324:8472] 0000000073181080
Thread [6324:4376] 00000000730814b0
Thread [6324:7900] 0000000073a30c60
Thread [6324:5828] 0000000073a24a30
Thread [6324:6664] 0000000077575658
Thread [6324:8432] 00000000742df28e
Thread [6324:8440] 00000000739d76c0
Thread [6324:9132] 00000000731816d0
Thread [6324:7344] 0000000070749ae0
Thread [6324:988] 00000000742df28e
Thread [6324:7460] 00000000742df28e
Thread [6324:8572] 00000000742df28e
Thread [6324:8468] 00000000742df28e
Thread [6324:7216] 00000000742df28e
Thread [6324:7648] 00000000742df28e
Thread [6324:8520] 00000000742df28e
Thread [6324:2704] 00000000742df28e
Thread [6324:4716] 00000000706d0c50
Thread [6324:7940] 00000000706d0c50
Thread [6324:5860] 00000000706d0c50
Thread [6324:5892] 00000000706d0c50
Thread [6324:4928] 00000000706d0c50
Thread [6324:3796] 00000000706d0c50
Thread [6324:6560] 00000000706d0c50
Thread [6324:7364] 00000000706d0c50
Thread [6324:5764] 00000000706d0c50
Thread [6324:5832] 00000000706d0c50
Thread [6324:1076] 00000000706d0c50
Thread [6324:9196] 00000000706d0c50
Thread [6324:6236] 00000000706d0c50
Thread [6324:4568] 00000000706d0c50
Thread [6324:6740] 00000000706d0c50
Thread [6324:6104] 00000000706d0c50
Thread [6324:5840] 00000000706d0c50
Thread [6324:8024] 0000000077575658
Thread [6324:5040] 00000000742df28e
Thread [6324:7764] 0000000073d34440
Thread [6324:7860] 0000000073d37540
Thread [6324:4428] 00000000742df28e
Thread [6324:4996] 00000000742df28e
Thread [6324:5016] 00000000742df28e
Thread [6324:8820] 00000000742df28e
Thread [6324:8552] 0000000077575658
Thread [6324:10184] 0000000077575658
---- Processes - GMER 2.1 ----
Library C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\351e47290edcd65f27c75470c1ea6cd2\Windows.Data.ni.dll (*** suspicious ***) @ C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [3200] 00007fff18e30000
Library C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\3363e49b745a5ddf1aaf80b18c175191\Windows.UI.ni.dll (*** suspicious ***) @ C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [3200] 00007fff18ec0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
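An added triage example (mine, not code from the post or from GMER): a Python script that parses GMER's 'User code sections' and 'Threads' lines, groups byte-identical patches by the processes they appear in, and lists thread PIDs that no listed process accounts for, which is the check behind the question about PID 6324. SAMPLE_LOG is a constructed excerpt in the same line format, and all function names are mine.

```python
"""Triage helper for GMER 2.1 log text (added example; not code from the original
post or from GMER).  Parses 'User code sections' and 'Threads' entries, groups
identical code patches by the processes they appear in, and lists thread PIDs
that are never named as a process.  SAMPLE_LOG is a constructed excerpt."""
import re
from collections import defaultdict
from ntpath import basename

SAMPLE_LOG = r"""---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\services.exe[876] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\system32\lsass.exe[884] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\WINDOWS\Explorer.EXE[3856] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\Program Files\Windows Defender\MsMpEng.exe[6836] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 165 00007fff35f697c1 1 byte [62]
.text C:\Program Files\Windows Defender\MsMpEng.exe[6836] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007fff35f4181a 4 bytes [F4, 35, FF, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [832:856] fffff960008834d0
Thread [6324:8952] 0000000077575658
Thread [6324:6048] 00000000742df28e
---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER 2\.1 ----$")
# .text <process>[pid] <module>!<export> [+ <offset>] <addr> <n> byte(s) [<bytes>]
USER_CODE_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>.+?)!(?P<func>\w+)"
    r"(?: \+ (?P<off>\d+))? (?P<addr>[0-9a-f]+) (?P<n>\d+) bytes? \[(?P<bytes>[^\]]*)\]$")
# Thread [<process path>] [pid:tid] <start address>; GMER often omits the path
THREAD_RE = re.compile(
    r"^Thread (?:(?P<proc>.+?) )?\[(?P<pid>\d+):(?P<tid>\d+)\] (?P<addr>[0-9a-f]+)$")

def parse_gmer(text):
    """Return the user-code and thread entries of a GMER log as lists of dicts."""
    section, user_code, threads = None, [], []
    for line in text.splitlines():
        if m := SECTION_RE.match(line):
            section = m.group("name")  # lines are parsed only under their own header
        elif section == "User code sections" and (m := USER_CODE_RE.match(line)):
            d = m.groupdict()
            d["pid"], d["off"] = int(d["pid"]), int(d["off"] or 0)
            user_code.append(d)
        elif section == "Threads" and (m := THREAD_RE.match(line)):
            d = m.groupdict()
            d["pid"], d["tid"] = int(d["pid"]), int(d["tid"])
            threads.append(d)
    return {"user_code": user_code, "threads": threads}

def patch_sites(parsed):
    """Map (module, export, offset, address, bytes) -> sorted PIDs carrying that
    exact patch.  Module names are lower-cased: GMER mixes KERNEL32.DLL/.dll."""
    sites = defaultdict(set)
    for e in parsed["user_code"]:
        sites[(basename(e["mod"]).lower(), e["func"], e["off"], e["addr"], e["bytes"])].add(e["pid"])
    return {k: sorted(v) for k, v in sites.items()}

def unattributed_thread_pids(parsed):
    """PIDs that own listed threads but are never named as a process in the log."""
    named = {e["pid"] for e in parsed["user_code"]}
    named |= {t["pid"] for t in parsed["threads"] if t["proc"]}
    return sorted({t["pid"] for t in parsed["threads"] if not t["proc"]} - named)

def triage(text, min_procs=3):
    """Split patch sites into those present in >= min_procs processes (the footprint
    of something hooking every process, to be checked against the security software
    actually installed) and isolated ones; also report unattributed thread PIDs."""
    parsed = parse_gmer(text)
    sites = patch_sites(parsed)
    return {"widespread": {k: v for k, v in sites.items() if len(v) >= min_procs},
            "isolated": {k: v for k, v in sites.items() if len(v) < min_procs},
            "unattributed_pids": unattributed_thread_pids(parsed)}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run against a full log, a patch that appears in every process at the same address with the same bytes sorts into "widespread", while a one-off patch or an orphan PID sorts into the lists worth looking at first.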