GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-28 20:03:24
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c ST500DM002-1BD142 rev.KC48 465,76GB
Running: i9zzef4w.exe; Driver: C:\Users\MEDIAE~1\AppData\Local\Temp\ugldrpob.sys

---- User IAT/EAT - GMER 2.1 ----

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [612:648] fffff960009392d0
Thread C:\Windows\system32\svchost.exe [540:2364] 00007ff8c3f84ee0

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----