GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-03 20:07:37
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 ST500DM002-1BD142 rev.KC44 465,76GB
Running: ndovrosw.exe; Driver: C:\Users\User\AppData\Local\Temp\aftcaaob.sys

---- Threads - GMER 2.1 ----

---- EOF - GMER 2.1 ----