GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-14 19:44:18
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000033 TOSHIBA_MQ01ABD050 rev.AX003J 465,76GB
Running: jhnmqgsg.exe; Driver: C:\Users\Teresa\AppData\Local\Temp\afdorpow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001d2f00 7 bytes [00, 38, 7F, 01, 00, FD, F1]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960001d2f08 7 bytes [01, 0C, C0, FF, 00, D2, DA]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\dwm.exe[584] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\dwm.exe[584] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\dwm.exe[584] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\rundll32.exe[3748] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\rundll32.exe[3748] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\rundll32.exe[3748] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2384] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2384] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2384] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[2780] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[2780] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[2780] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[2780] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fadefd177a 4 bytes [FD, DE, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[2780] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fadefd1782 4 bytes [FD, DE, FA, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[4256] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[4256] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[4256] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\taskhostex.exe[4040] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\taskhostex.exe[4040] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\taskhostex.exe[4040] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\Explorer.EXE[4196] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\Explorer.EXE[4196] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\Explorer.EXE[4196] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\Explorer.EXE[4196] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fadefd177a 4 bytes [FD, DE, FA, 07]
.text C:\Windows\Explorer.EXE[4196] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fadefd1782 4 bytes [FD, DE, FA, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2564] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2564] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2564] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[2752] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[2752] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[2752] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4100] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4100] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4100] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\igfxext.exe[2132] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\igfxext.exe[2132] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\igfxext.exe[2132] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4456] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4456] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4456] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\System32\igfxtray.exe[4092] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\System32\igfxtray.exe[4092] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\System32\igfxtray.exe[4092] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\System32\hkcmd.exe[5176] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\System32\hkcmd.exe[5176] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\System32\hkcmd.exe[5176] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\System32\igfxpers.exe[5204] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fadefd177a 4 bytes [FD, DE, FA, 07]
.text C:\Windows\System32\igfxpers.exe[5204] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fadefd1782 4 bytes [FD, DE, FA, 07]
.text C:\Windows\System32\igfxpers.exe[5204] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\System32\igfxpers.exe[5204] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\System32\igfxpers.exe[5204] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5244] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5244] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5244] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\System32\RuntimeBroker.exe[4192] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\System32\RuntimeBroker.exe[4192] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\System32\RuntimeBroker.exe[4192] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[6864] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fadefd177a 4 bytes [FD, DE, FA, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[6864] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fadefd1782 4 bytes [FD, DE, FA, 07]
.text C:\Windows\system32\igfxsrvc.exe[6920] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\igfxsrvc.exe[6920] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\igfxsrvc.exe[6920] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[6960] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[6960] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[6960] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[6992] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[6992] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[6992] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Users\Teresa\Downloads\FRST64.exe[7140] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fadaba1b32 4 bytes [BA, DA, FA, 07]
.text C:\Users\Teresa\Downloads\FRST64.exe[7140] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fadaba1b3a 4 bytes [BA, DA, FA, 07]
.text C:\Users\Teresa\Downloads\FRST64.exe[7140] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fadefd177a 4 bytes [FD, DE, FA, 07]
.text C:\Users\Teresa\Downloads\FRST64.exe[7140] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fadefd1782 4 bytes [FD, DE, FA, 07]
.text C:\Users\Teresa\Downloads\FRST64.exe[7140] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Users\Teresa\Downloads\FRST64.exe[7140] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Users\Teresa\Downloads\FRST64.exe[7140] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\taskhost.exe[5912] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad7b21532 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\taskhost.exe[5912] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad7b2153a 4 bytes [B2, D7, FA, 07]
.text C:\Windows\system32\taskhost.exe[5912] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad7b2165a 4 bytes [B2, D7, FA, 07]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!_wtol] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!wcstok] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!_vsnwprintf] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!memmove] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!wcsncmp] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!memcmp] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!??3@YAXPEAX@Z] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!__dllonexit] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!_unlock] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!_lock] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!realloc] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!_errno] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!_initterm] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!_amsg_exit] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!_XcptFilter] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!malloc] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!memset] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!_wtoi64] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!_purecall] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!wcscat_s] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!wcscpy_s] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!wcsncpy_s] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!free] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!??2@YAPEAX_K@Z] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!_onexit] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[msvcrt.dll!memcpy] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[ntdll.dll!RtlVirtualUnwind] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[ntdll.dll!RtlLookupFunctionEntry] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[ntdll.dll!RtlCaptureContext] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[KERNEL32.dll!LoadLibraryW] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WSClient.dll!WSLicenseGetLicensesForProducts] [bff10d0530]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WSClient.dll!WSLicenseClose] [2124]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WSClient.dll!WSLicenseGetAllValidAppCategoryIds] [1604]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WSClient.dll!WSLicenseOpen] [1d6c]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[USER32.dll!UnregisterClassA] [200000003]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[CRYPT32.dll!CryptUnprotectData] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[CRYPT32.dll!CryptHashPublicKeyInfo] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[CRYPT32.dll!CryptProtectData] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[CRYPT32.dll!CertGetCertificateChain] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[CRYPT32.dll!CertFreeCertificateChain] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[CRYPT32.dll!CertGetEnhancedKeyUsage] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[CRYPT32.dll!CertVerifyCertificateChainPolicy] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[CRYPT32.dll!CertFreeCertificateContext] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WINHTTP.dll!WinHttpCrackUrl] [600000000]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WINHTTP.dll!WinHttpGetIEProxyConfigForCurrentUser] [c00000080]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WINHTTP.dll!WinHttpGetDefaultProxyConfiguration] [8]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WINHTTP.dll!WinHttpCloseHandle] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WINHTTP.dll!WinHttpGetProxyForUrl] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WINHTTP.dll!WinHttpOpen] [2008]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[RPCRT4.dll!UuidToStringA] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[RPCRT4.dll!RpcStringFreeA] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[RPCRT4.dll!I_RpcBindingInqTransportType] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[SspiCli.dll!GetUserNameExW] [ffffffff0002625a]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[SHLWAPI.dll!PathIsRootW] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[SHLWAPI.dll!PathIsUNCW] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[SHLWAPI.dll!PathIsRelativeW] [0]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[SHLWAPI.dll!PathStripToRootW] [1400000001]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WINTRUST.dll!WTHelperProvDataFromStateData] [ac8]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WINTRUST.dll!WinVerifyTrust] [16cc]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WINTRUST.dll!WTHelperGetProvSignerFromChain] [bfe8021510]
IAT C:\Windows\system32\svchost.exe[492] @ C:\Windows\System32\storewuauth.dll[WTSAPI32.dll!WTSQueryUserToken] [1ec]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[msvcrt.dll!_initterm] [14c2444c7e43345]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[msvcrt.dll!malloc] [44246483000000]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[msvcrt.dll!free] [8d481c428d44d233]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[msvcrt.dll!_amsg_exit] [c700007dd1e8cc4d]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[msvcrt.dll!_XcptFilter] [3b4c00000020c845]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[msvcrt.dll!memcmp] [4800000461830ffb]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!NdrDllGetClassObject] [cb8b4c20244c8900]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!NdrDllUnregisterProxy] [48ffffb821058d4c]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!CStdStubBuffer_AddRef] [ffffc7a8e810488b]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!NdrCStdStubBuffer2_Release] [24648300000593e9]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!NdrOleFree] [8948a8458d480048]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!NdrStubForwardingFunction] [4824448d48282444]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!NdrOleAllocate] [c933452024448948]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!CStdStubBuffer_CountRefs] [4988558d48c03345]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!IUnknown_Release_Proxy] [d42015ffcd8b]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!CStdStubBuffer_DebugServerQueryInterface] [d37015ffd88b]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!NdrDllCanUnloadNow] [50d850fdb85]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!IUnknown_AddRef_Proxy] [504850f7af883]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!NdrStubCall3] [31e850244c8d4800]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!CStdStubBuffer_DebugServerRelease] [8540244489ffffee]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!CStdStubBuffer_Disconnect] [aea60d8b483579c0]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!CStdStubBuffer_IsIIDSupported] [2d840fcf3b490000]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!CStdStubBuffer_Invoke] [f021c41f6000005]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!CStdStubBuffer_Connect] [36538d0000052384]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!NdrDllRegisterProxy] [b796058d4cc88b44]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!NdrCStdStubBuffer_Release] [b1e810498b48ffff]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!IUnknown_QueryInterface_Proxy] [508e9ffffc7]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[RPCRT4.dll!CStdStubBuffer_QueryInterface] [5c894858245c8b48]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!TerminateProcess] [1c41f60000063084]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!GetCurrentProcess] [4100000626840f02]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [8d4ccb8b4434558d]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!UnhandledExceptionFilter] [498b48ffffb88b05]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!RtlVirtualUnwind] [6e9ffffc8a6e810]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!RtlLookupFunctionEntry] [45884d8d4c000006]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!RtlCaptureContext] [c88b48d38b48c033]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!GetTickCount] [c0850000d48a15ff]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [d3f015ff5375]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!GetCurrentThreadId] [70000c981c8b70f]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!Sleep] [4c89c84e0fc08580]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!DisableThreadLibraryCalls] [af37058b484024]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!GetCurrentProcessId] [5be840fc73b4900]
IAT C:\Windows\Explorer.EXE[4196] @ C:\Windows\System32\bitsprx6.dll[KERNEL32.dll!QueryPerformanceCounter] [840f021c40f60000]

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3184] 000007fad3b747dc
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3832] 000007fad30194c0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3836] 000007fad3007a70
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3840] 000007fad30194c0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3924] 000007fad2e624d0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3952] 000007fad2f35f3c
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3956] 000007fad2f1d5a0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3960] 000007fad2f125a4
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3964] 000007fad2f125a4
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3968] 000007fad2f125a4
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3972] 000007fad2f125a4
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3988] 000007fad2e646b0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:4020] 000007fad2e646b0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:4056] 000007fad2e646b0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:4084] 000007fad2e646b0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:2864] 000007fad2f125a4
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:2736] 000007fad2f125a4
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:2552] 000007fad2f125a4
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:992] 000007fad2f125a4
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:2520] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:2080] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3764] 000007fad0e6b934
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3760] 000007fad0b2cbc0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:2808] 000007fad0b2cbc0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:2608] 000007fad0b2cbc0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:2940] 000007fad0b2cbc0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:2844] 000007fad0b2cbc0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:2848] 0000000052b6ce9c
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:1724] 0000000052b6ce9c
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:1692] 0000000052b6ce9c
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3200] 0000000052b6ce9c
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:1232] 0000000052b6ce9c
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3904] 000007fad0a255f8
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:2392] 000007fad0a255f8
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:488] 000007fad0b2cbc0
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:980] 000007facf3a039c
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3296] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:236] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:1976] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3728] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:1568] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:832] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:1592] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:552] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:1412] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:644] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:1040] 000007fad0e6b934
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:380] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:1424] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:588] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3588] 000007fad0e6b934
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3736] 000007fad0e6b934
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3820] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3688] 000007fad0e6b934
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:1828] 000007fad0e6b934
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:3212] 000007fad0e6b934
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:4032] 000007fad0e6b934
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:1408] 000007fad0e6b934
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:2256] 000007fad0e6b934
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:4036] 000007fad0e6b934
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:4964] 000007fad0d9fe10
Thread C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572:4656] 0000000052451d70
Thread C:\Windows\system32\csrss.exe [2580:1244] fffff960008a65e8
Thread C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [5404:5392] 00000000636ea297
Thread C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [5404:820] 00000000636ea297
Thread C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [5404:6008] 00000000779d5037
Thread C:\Windows\system32\wwahost.exe [1148:6056] 000007fadd6c23a8
Thread C:\Windows\system32\wwahost.exe [1148:4272] 000007fadb717230
Thread C:\Windows\system32\wwahost.exe [1148:5040] 000007fadd6c23a8
Thread C:\Windows\system32\wwahost.exe [1148:2936] 000007fadf565e10
Thread C:\Windows\system32\wwahost.exe [1148:5264] 000007fadf565e10
Thread C:\Windows\system32\wwahost.exe [1148:1236] 000007fadf565e10
Thread C:\Windows\system32\wwahost.exe [1148:4996] 000007fadd6c23a8
Thread C:\Windows\system32\wwahost.exe [1148:4552] 000007fadd6c23a8
Thread C:\Windows\system32\wwahost.exe [1148:7124] 000007faddabe1b4

---- Processes - GMER 2.1 ----

Library È÷Gà]H (*** suspicious ***) @ c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [384] 000007f6fae40000
Library È÷Gà]H (*** suspicious ***) @ c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [384] 000007fad5500000
Library È÷Gà]H (*** suspicious ***) @ c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [384] 000007fad49b0000
Library C:\Windows\system32\mfevtps.exe (*** suspicious ***) @ C:\Windows\system32\mfevtps.exe [264] 000007f7012e0000
Library C:\Program Files\McAfee\MSC\McAPExe.exe (*** suspicious ***) @ C:\Program Files\McAfee\MSC\McAPExe.exe [2788] 000007f76cdd0000
Library C:\Program Files\Common Files\McAfee\SystemCore\mfeapfa.dll (*** suspicious ***) @ C:\Program Files\McAfee\MSC\McAPExe.exe [2788] 0000000054ef0000
Library C:\Program Files\Common Files\McAfee\SystemCore\mfehida.dll (*** suspicious ***) @ C:\Program Files\McAfee\MSC\McAPExe.exe [2788] 0000000054ed0000
Library C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2888] 000007f734a50000
Library C:\Program Files\Common Files\McAfee\AMCore\quarantine.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2888] 0000000054e20000
Library C:\Program Files\Common Files\McAfee\AMCore\MFEZIP.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2888] 0000000054d90000
Library C:\Program Files\Common Files\McAfee\AMCore\MFEUNZIP.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2888] 0000000054d60000
Library C:\Program Files\Common Files\McAfee\AMCore\MFE_DS.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2888] 0000000054cb0000
Library C:\Program Files\Common Files\McAfee\AMCore\lua_lib.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2888] 0000000054c80000
Library C:\Program Files\Common Files\McAfee\AMCore\MFE_CS.DLL (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2888] 0000000054bc0000
Library C:\Program Files\Common Files\McAfee\AMCore\ncapi.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2888] 0000000054ba0000
Library C:\Program Files\Common Files\McAfee\SystemCore\mfehida.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2888] 0000000054ed0000
Library C:\Program Files\Common Files\McAfee\AMCore\EMMain.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2888] 0000000054b50000
Library C:\Program Files\Common Files\McAfee\AMCore\metro_repair.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2888] 0000000054b30000
Library C:\Program Files\Common Files\McAfee\SystemCore\mfevtpa.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2888] 0000000054a00000
Library C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2988] 000007f6258b0000
Library C:\Program Files\Common Files\McAfee\SystemCore\mfehida.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2988] 0000000054ed0000
Library C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572] 000007f77ad20000
Library C:\Program Files\Common Files\McAfee\Platform\McSvcHost\LogCntrl.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572] 000007fad40c0000
Library È÷Gà]H (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572] 000007fad4050000
Library C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572] 0000000054a50000
Library C:\Program Files\Common Files\McAfee\SystemCore\mfevtpa.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572] 0000000054a00000
Library C:\Program Files\Common Files\McAfee\SystemCore\mfehida.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572] 0000000054ed0000
Library C:\Program Files\Common Files\McAfee\SystemCore\mfefwctl.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572] 00000000549c0000
Library È÷Gà]H (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [1572] 0000000054740000
Library C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [2068] 000007f69c030000
Library C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPService.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [2068] 000007fad0b90000
Library C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCspCorePS.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [2068] 00000000522e0000
Library È÷Gà]H (*** suspicious ***) @ C:\Windows\Explorer.EXE [4196] 000007fac85c0000
Library C:\Program Files\Common Files\McAfee\SystemCore\mfevtpa.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [4196] 0000000054a00000
Library C:\Program Files\Common Files\McAfee\SystemCore\mfehida.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [4196] 0000000054ed0000
Library È÷Gà]H (*** suspicious ***) @ C:\Windows\Explorer.EXE [4196] 000007fac8570000
Library È÷Gà]H (*** suspicious ***) @ C:\Windows\Explorer.EXE [4196] 000007fac3f40000
Library È÷Gà]H (*** suspicious ***) @ C:\Windows\Explorer.EXE [4196] 000007fac3d60000
Library C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [3556] 000007f7329c0000
Library C:\Program Files\Common Files\McAfee\SystemCore\mfevtpa.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [3556] 0000000054a00000
Library C:\Program Files\Common Files\McAfee\SystemCore\mfehida.dll (*** suspicious ***) @ C:\Program Files\Common
Files\McAfee\Platform\mcuicnt.exe [3556] 0000000054ed0000 Library C:\Program Files\Common Files\McAfee\Platform\mcuifw.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [3556] 000007facf630000 Library È÷Gà]H (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [3556] 000007facf9c0000 Library È÷Gà]H (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [3556] 000007facdb10000 Library È÷Gà]H (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [3556] 000007facfca0000 Library È÷Gà]H (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [3556] 000007facf5a0000 Library È÷Gà]H (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [3556] 000007facd4a0000 Library C:\Program Files\Common Files\McAfee\Platform\mcpltalt.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [3556] 0000000052320000 Library È÷Gà]H (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [3556] 000007facbba0000 Library È÷Gà]H (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [3556] 000007facbaf0000 Library C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (*** suspicious ***) @ C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [5480] 0000000000400000 Library C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll (*** suspicious ***) @ C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [5480] 0000000010000000 Library C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll (*** suspicious ***) @ C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [5480] 0000000000310000 Library C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll (*** suspicious ***) @ C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [5480] 0000000000020000 Library C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll (*** suspicious ***) @ C:\Program 
Files (x86)\SweetIM\Messenger\SweetIM.exe [5480] 0000000000030000 Library C:\Program Files (x86)\SweetIM\Messenger\MSVCP71.dll (*** suspicious ***) @ C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [5480] 000000007c3c0000 Library C:\Program Files (x86)\SweetIM\Messenger\MSVCR71.dll (*** suspicious ***) @ C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [5480] 000000007c360000 Library C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll (*** suspicious ***) @ C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [5480] 0000000000260000 Library C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll (*** suspicious ***) @ C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [5480] 0000000000280000 Library C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll (*** suspicious ***) @ C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [5480] 0000000000390000 Library C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll (*** suspicious ***) @ C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [5480] 00000000003c0000 Library C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll (*** suspicious ***) @ C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [6044] 00000000005e0000 Library C:\Program Files (x86)\SweetIM\Messenger\MSVCR71.dll (*** suspicious ***) @ C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [6044] 000000007c360000 Library C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (*** suspicious ***) @ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [5232] 0000000000820000 Library C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (*** suspicious ***) @ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [5404] 0000000000820000 Library C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (*** suspicious ***) @ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [4856] 0000000000820000 Library C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe (*** suspicious ***) @ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [7016] 0000000000820000 Library C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (*** suspicious ***) @ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [4668] 0000000000820000 Library C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (*** suspicious ***) @ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1324] 0000000000820000 Library C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (*** suspicious ***) @ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1980] 0000000000820000 Library C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (*** suspicious ***) @ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [4824] 0000000000820000 Library C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (*** suspicious ***) @ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [4528] 0000000000820000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----