GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-08-29 17:18:56 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB Running: 0vie6eim.exe; Driver: C:\Users\dom\AppData\Local\Temp\uxriqpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763f1401 2 bytes JMP 7677b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763f1419 2 bytes JMP 7677b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763f1431 2 bytes JMP 767f8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763f144a 2 bytes CALL 767548ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763f14dd 2 bytes JMP 767f87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763f14f5 2 bytes JMP 767f8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763f150d 2 bytes JMP 767f8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763f1525 2 bytes JMP 767f8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763f153d 2 bytes JMP 7676fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763f1555 2 bytes JMP 767768ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763f156d 2 bytes JMP 767f8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763f1585 2 bytes JMP 767f8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763f159d 2 bytes JMP 767f865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763f15b5 2 bytes JMP 7676fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763f15cd 2 bytes JMP 7677b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763f16b2 2 bytes JMP 767f8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763f16bd 2 bytes JMP 767f85f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\Dwm.exe[1360] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefd9e45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\Dwm.exe[1360] C:\Windows\system32\ws2_32.dll!getsockname 000007fefd9e9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\Dwm.exe[1360] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefda0e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\Dwm.exe[1360] C:\Windows\system32\ws2_32.dll!getpeername 000007fefda0e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\Explorer.EXE[1376] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd9e45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\Explorer.EXE[1376] C:\Windows\system32\WS2_32.dll!getsockname 000007fefd9e9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\Explorer.EXE[1376] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefda0e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\Explorer.EXE[1376] C:\Windows\system32\WS2_32.dll!getpeername 000007fefda0e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\system32\taskhost.exe[1520] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefd9e45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\taskhost.exe[1520] C:\Windows\system32\ws2_32.dll!getsockname 000007fefd9e9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\taskhost.exe[1520] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefda0e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\taskhost.exe[1520] C:\Windows\system32\ws2_32.dll!getpeername 000007fefda0e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1652] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd9e45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1652] C:\Windows\system32\WS2_32.dll!getsockname 000007fefd9e9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1652] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefda0e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1652] C:\Windows\system32\WS2_32.dll!getpeername 000007fefda0e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763f1401 2 bytes JMP 7677b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763f1419 2 bytes JMP 7677b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763f1431 2 bytes JMP 767f8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763f144a 2 bytes CALL 767548ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763f14dd 2 bytes JMP 767f87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763f14f5 2 bytes JMP 767f8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763f150d 2 bytes JMP 767f8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763f1525 2 bytes JMP 767f8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763f153d 2 bytes JMP 7676fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763f1555 2 bytes JMP 767768ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763f156d 2 bytes JMP 767f8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763f1585 2 bytes JMP 767f8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763f159d 2 bytes JMP 767f865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763f15b5 2 bytes JMP 7676fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763f15cd 2 bytes JMP 7677b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763f16b2 2 bytes JMP 767f8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763f16bd 2 bytes JMP 767f85f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\conhost.exe[3480] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefd9e45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\conhost.exe[3480] C:\Windows\system32\ws2_32.dll!getsockname 000007fefd9e9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\conhost.exe[3480] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefda0e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\conhost.exe[3480] C:\Windows\system32\ws2_32.dll!getpeername 000007fefda0e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763f1401 2 bytes JMP 7677b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763f1419 2 bytes JMP 7677b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763f1431 2 bytes JMP 767f8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763f144a 2 bytes CALL 767548ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763f14dd 2 bytes JMP 767f87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763f14f5 2 bytes JMP 767f8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763f150d 2 bytes JMP 767f8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763f1525 2 bytes JMP 767f8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763f153d 2 bytes JMP 7676fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763f1555 2 bytes JMP 767768ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763f156d 2 bytes JMP 767f8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763f1585 2 bytes JMP 767f8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763f159d 2 bytes JMP 767f865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763f15b5 2 bytes JMP 7676fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763f15cd 2 bytes JMP 7677b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763f16b2 2 bytes JMP 767f8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763f16bd 2 bytes JMP 767f85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38 0000000076d230aa 7 bytes JMP 00000001001b0095 .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\WS2_32.dll!recv + 202 0000000076d26bd8 7 bytes JMP 00000001001b002d .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185 0000000076d27142 7 bytes JMP 00000001001b00c9 .text C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe[3560] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom + 148 0000000076d2cc3a 7 bytes JMP 00000001001b0061 .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763f1401 2 bytes JMP 7677b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763f1419 2 bytes JMP 7677b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763f1431 2 bytes JMP 767f8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763f144a 2 bytes CALL 767548ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763f14dd 2 bytes JMP 767f87a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763f14f5 2 bytes JMP 767f8978 C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763f150d 2 bytes JMP 767f8698 C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763f1525 2 bytes JMP 767f8a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763f153d 2 bytes JMP 7676fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763f1555 2 bytes JMP 767768ef C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763f156d 2 bytes JMP 767f8f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763f1585 2 bytes JMP 767f8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763f159d 2 bytes JMP 767f865c C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763f15b5 2 bytes JMP 7676fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763f15cd 2 bytes JMP 7677b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763f16b2 2 bytes JMP 767f8e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\dom\Desktop\0vie6eim.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763f16bd 2 bytes JMP 767f85f1 C:\Windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88001825824] \SystemRoot\system32\DRIVERS\360Box64.sys [.text] ---- Processes - GMER 2.1 ---- Library C:\??\C:\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1376] 0000000074500000 ---- EOF - GMER 2.1 ----