GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-30 15:05:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-22ERMA0 rev.17.01H17 465,76GB
Running: gmer.exe; Driver: C:\Users\Kamil\AppData\Local\Temp\pwldqpod.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7528b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7528b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75308fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007503144a 2 bytes CALL 7526489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 753088c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75308aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 753087ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75308b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7527fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 752868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75309089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75308bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7530877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7527fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7528b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75308f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 75308713 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000746b17fa 2 bytes CALL 752611a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000746b1860 2 bytes CALL 752611a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000746b1942 2 bytes JMP 75217089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000746b194d 2 bytes JMP 7521cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7528b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7528b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75308fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007503144a 2 bytes CALL 7526489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 753088c4 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75308aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 753087ba C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75308b8a C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7527fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 752868ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75309089 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75308bea C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7530877e C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7527fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7528b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75308f4c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 75308713 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7528b21b C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7528b346 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75308fd1 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007503144a 2 bytes CALL 7526489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 753088c4 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75308aa0 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 753087ba C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75308b8a C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7527fca8 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075031555 2 bytes JMP 752868ef C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75309089 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75308bea C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7530877e C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7527fd41 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7528b2dc C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75308f4c C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[2664] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 75308713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7528b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7528b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75308fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007503144a 2 bytes CALL 7526489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 753088c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75308aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 753087ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75308b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7527fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 752868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75309089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75308bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7530877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7527fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7528b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75308f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 75308713 C:\Windows\syswow64\kernel32.dll
? C:\Windows\system32\mssprxy.dll [2832] entry point in ".rdata" section 000000006fd171e6
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7528b21b C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7528b346 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75308fd1 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007503144a 2 bytes CALL 7526489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 753088c4 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75308aa0 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 753087ba C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75308b8a C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7527fca8 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075031555 2 bytes JMP 752868ef C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75309089 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75308bea C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7530877e C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7527fd41 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7528b2dc C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75308f4c C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Vaiafineco\Vaiafineco.exe[3816] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 75308713 C:\Windows\syswow64\kernel32.dll

---- Processes - GMER 2.1 ----

Process C:\ProgramData\Vaiafineco\Vaiafineco.exe (*** suspicious ***) @ C:\ProgramData\Vaiafineco\Vaiafineco.exe [2664](2015-12-29 10:47:50) 0000000000220000
Process C:\ProgramData\Vaiafineco\Vaiafineco.exe (*** suspicious ***) @ C:\ProgramData\Vaiafineco\Vaiafineco.exe [3816](2015-12-29 10:47:50) 0000000000220000
Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A7D3438-DFA7-4F5F-9D14-249B8D8AC81E}\offreg.4880.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [4880](2015-12-30 13:22:21) 000007fee1470000

---- EOF - GMER 2.1 ----