GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-01 18:37:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545032B9A300 rev.PB3OC60F 298,09GB
Running: qfiu823d.exe; Driver: C:\Users\user\AppData\Local\Temp\aftcaaob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031ed070 25 bytes [C4, 08, 4C, 89, 64, 24, 50, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 586 fffff800031ed08a 6 bytes [00, 00, 00, 80, 05, 00]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2080] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075ee1465 2 bytes [EE, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2080] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075ee14bb 2 bytes [EE, 75]
.text ... * 2
.text C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe[124] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 00000000763f4925 5 bytes JMP 00000001004f37e0
.text C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe[124] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000763a4406 5 bytes JMP 0000000102830000
.text C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe[124] C:\Windows\syswow64\WS2_32.dll!send 00000000763a6f01 5 bytes JMP 0000000102790000
.text C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ee1465 2 bytes [EE, 75]
.text C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ee14bb 2 bytes [EE, 75]
.text ... * 2

---- EOF - GMER 2.1 ----