GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-29 15:17:33
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f HGST_HTS545050A7E680 rev.GG2OAH10 465,76GB
Running: 1ckrdn6h.exe; Driver: C:\Users\FILIPK~1\AppData\Local\Temp\ugldypod.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\mfevtps.exe[1624] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ff903de169a 4 bytes [DE, 03, F9, 7F]
.text C:\Windows\system32\mfevtps.exe[1624] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ff903de16a2 4 bytes [DE, 03, F9, 7F]
.text C:\Windows\system32\mfevtps.exe[1624] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ff903de181a 4 bytes [DE, 03, F9, 7F]
.text C:\Windows\system32\mfevtps.exe[1624] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ff903de1832 4 bytes [DE, 03, F9, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2044] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff903de169a 4 bytes [DE, 03, F9, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2044] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff903de16a2 4 bytes [DE, 03, F9, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2044] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff903de181a 4 bytes [DE, 03, F9, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2044] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff903de1832 4 bytes [DE, 03, F9, 7F]
.text C:\Windows\System32\igfxpers.exe[3876] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff903de169a 4 bytes [DE, 03, F9, 7F]
.text C:\Windows\System32\igfxpers.exe[3876] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff903de16a2 4 bytes [DE, 03, F9, 7F]
.text C:\Windows\System32\igfxpers.exe[3876] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff903de181a 4 bytes [DE, 03, F9, 7F]
.text C:\Windows\System32\igfxpers.exe[3876] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff903de1832 4 bytes [DE, 03, F9, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1892] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff903de169a 4 bytes [DE, 03, F9, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1892] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff903de16a2 4 bytes [DE, 03, F9, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1892] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff903de181a 4 bytes [DE, 03, F9, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1892] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff903de1832 4 bytes [DE, 03, F9, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4180] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff903de169a 4 bytes [DE, 03, F9, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4180] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff903de16a2 4 bytes [DE, 03, F9, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4180] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff903de181a 4 bytes [DE, 03, F9, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4180] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff903de1832 4 bytes [DE, 03, F9, 7F]
.text c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe[3464] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ff903de169a 4 bytes [DE, 03, F9, 7F]
.text c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe[3464] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ff903de16a2 4 bytes [DE, 03, F9, 7F]
.text c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe[3464] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ff903de181a 4 bytes [DE, 03, F9, 7F]
.text c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe[3464] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ff903de1832 4 bytes [DE, 03, F9, 7F]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [684:708] fffff9600094db90

---- Processes - GMER 2.1 ----

Process C:\ProgramData\IePluginServices\PluginService.exe (*** suspicious ***) @ C:\ProgramData\IePluginServices\PluginService.exe [1136] (IePlugin Service/Cherished Technololgy LIMITED)(2014-10-08 15:11:17) 00000000013c0000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
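A small triage script for the log above, added here as an example; it is not part of the GMER output and not GMER's own code. It takes a constructed excerpt of the entries above as input, groups identical ".text" patches across processes, and collects the items GMER itself flags (the "*** suspicious ***" process and the "unknown MBR code" disk). The regular expressions are derived from the line shapes in this log, not from a GMER format specification, and the "pointer slice" check is this example's heuristic: the written dword [DE, 03, F9, 7F] read little-endian is 0x7FF903DE, which equals bits 16..47 of the patched addresses 0x00007ff903de169a etc., so the bytes are the middle of a 64-bit pointer into the same region of psapi.dll, which is what a relocated absolute address leaves behind when memory is compared with the file on disk. That is a hint, not a verdict; confirm by dumping the affected process's psapi.dll .text and diffing it against the on-disk image.

```python
import re
from collections import defaultdict

# Constructed excerpt of the GMER log above (a subset of its entries, verbatim).
SAMPLE_LOG = r"""
GMER 2.1.19357 - http://www.gmer.net
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\mfevtps.exe[1624] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ff903de169a 4 bytes [DE, 03, F9, 7F]
.text C:\Windows\system32\mfevtps.exe[1624] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ff903de181a 4 bytes [DE, 03, F9, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2044] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff903de169a 4 bytes [DE, 03, F9, 7F]
.text C:\Windows\System32\igfxpers.exe[3876] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff903de169a 4 bytes [DE, 03, F9, 7F]
---- Processes - GMER 2.1 ----
Process C:\ProgramData\IePluginServices\PluginService.exe (*** suspicious ***) @ C:\ProgramData\IePluginServices\PluginService.exe [1136] (IePlugin Service/Cherished Technololgy LIMITED)(2014-10-08 15:11:17) 00000000013c0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
"""

# Line shapes assumed from the log above, not from a GMER format spec.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!]+)!(?P<func>\w+)"
    r"\s*\+\s*(?P<off>\d+)\s+(?P<addr>[0-9a-fA-F]{16})\s+(?P<n>\d+)\s+bytes\s+"
    r"\[(?P<bytes>[^\]]*)\]"
)
PROC_RE = re.compile(
    r"^Process\s+(?P<path>.+?)\s+\(\*\*\* suspicious \*\*\*\).*?\[(?P<pid>\d+)\]"
)
MBR_RE = re.compile(r"^Disk\s+(?P<dev>\S+)\s+unknown MBR code")


def parse_hooks(text):
    """One dict per '.text' (user-mode code patch) line GMER reported."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append({
                "process": m["proc"].strip(),
                "pid": int(m["pid"]),
                "module": m["module"].strip().lower(),  # psapi.dll vs PSAPI.DLL
                "function": m["func"],
                "offset": int(m["off"]),
                "address": int(m["addr"], 16),
                "patch": bytes(int(b, 16) for b in m["bytes"].split(",")),
            })
    return hooks


def parse_suspicious_processes(text):
    """(path, pid) for every process GMER marked '*** suspicious ***'."""
    return [(m["path"], int(m["pid"]))
            for m in (PROC_RE.match(l.strip()) for l in text.splitlines()) if m]


def unknown_mbr_devices(text):
    """Devices whose boot sector GMER reported as 'unknown MBR code'."""
    return [m["dev"] for m in (MBR_RE.match(l.strip()) for l in text.splitlines()) if m]


def looks_like_pointer_slice(hook):
    """Heuristic (this example's assumption): the written dword equals bits
    16..47 of the patched address, so the bytes are the middle of a 64-bit
    pointer into the same 64 KiB of the module, which is what a relocated
    absolute address leaves behind rather than a hook. Confirm by diffing
    the in-memory .text against the on-disk image before dismissing it."""
    if len(hook["patch"]) != 4:
        return False
    written = int.from_bytes(hook["patch"], "little")
    return written == (hook["address"] >> 16) & 0xFFFFFFFF


def summarize(text):
    """Group identical patches across processes and collect flagged items."""
    groups = defaultdict(set)
    for h in parse_hooks(text):
        key = (h["module"], h["function"], h["offset"], h["address"], h["patch"])
        groups[key].add((h["process"], h["pid"]))
    patches = []
    for (module, func, off, addr, patch), procs in sorted(groups.items()):
        patches.append({
            "module": module, "function": func, "offset": off,
            "address": f"{addr:016x}", "patch": patch.hex(),
            "processes": sorted(procs),  # same bytes at the same address
            "pointer_slice": looks_like_pointer_slice({"patch": patch, "address": addr}),
        })
    return {
        "patches": patches,
        "suspicious_processes": parse_suspicious_processes(text),
        "unknown_mbr": unknown_mbr_devices(text),
    }


if __name__ == "__main__":
    for item, value in summarize(SAMPLE_LOG).items():
        print(item, value)
```

On the full log every one of the 24 ".text" entries carries the same dword at the same four psapi.dll addresses in six unrelated processes (two McAfee components, the Intel and Synaptics helpers), and the heuristic fires on all of them, so they are low priority. What the log does leave to follow up is the process GMER itself marks suspicious, PluginService.exe (PID 1136) running from C:\ProgramData, and the "unknown MBR code" on \Device\Harddisk0\DR0, which should be read back and compared with a known-good boot sector before the disk is trusted.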