GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-30 22:03:38
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e WDC_WD3200LPCX-24C6HT0 rev.02.01A02 298,09GB
Running: fgfl019i.exe; Driver: C:\Users\lenovo\AppData\Local\Temp\fxlyrpog.sys

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[968] C:\windows\system32\WS2_32.dll!connect    00007ff836f45730 5 bytes JMP 00007ff8b6f60018

---- User IAT/EAT - GMER 2.1 ----

IAT    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] @ C:\windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize]    [7ff876df0030]
IAT    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] @ C:\windows\system32\USER32.dll[GDI32.dll!GetStockObject]    [7ff876df0070]
IAT    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] @ C:\windows\system32\MSCTF.dll[GDI32.dll!GetStockObject]    [7ff876df0070]
IAT    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] @ C:\windows\system32\SHELL32.dll[USER32.dll!RegisterClassW]    [7ff876320030]
IAT    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] @ C:\windows\system32\SHELL32.dll[GDI32.dll!GetStockObject]    [7ff876df0070]
IAT    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW]    [7ff876320030]
IAT    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] @ C:\windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject]    [7ff876df0070]
IAT    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] @ C:\windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW]    [7ff876320030]
IAT    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] @ C:\windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject]    [7ff876df0070]
IAT    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] @ C:\windows\system32\ole32.dll[GDI32.dll!GetStockObject]    [7ff876df0070]
IAT    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] @ C:\windows\system32\ole32.dll[USER32.dll!RegisterClassW]    [7ff876320030]
IAT    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject]    [7ff876df0070]
IAT    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5060] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW]    [7ff876320030]

---- Threads - GMER 2.1 ----

Thread    C:\windows\system32\csrss.exe [544:552]    fffff9600081c2d0

---- Processes - GMER 2.1 ----

Process    C:\ProgramData\Lightzap\Lightzap.exe (*** suspicious ***) @ C:\ProgramData\Lightzap\Lightzap.exe [1556](2015-12-27 19:12:17)    0000000000c80000
Library    C:\ProgramData\Lightzap\Anbam.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [968](2015-12-27 19:1    00007ff812ee0000
Library    C:\Users\lenovo\AppData\Local\SweetLabs App Platform\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\lenovo\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [5036] (Chromium/The Chromium Authors)(2015-10-30 21:09:06)    000000006b6b0000
Library    C:\Users\lenovo\AppData\Local\SweetLabs App Platform\Engine\icudt.dll (*** suspicious ***) @ C:\Users\lenovo\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [5036] (ICU Data DLL/The ICU Project)(2015-04-28 20:15:22)    000000006f150000
Process    C:\ProgramData\Lightzap\Lightzap.exe (*** suspicious ***) @ C:\ProgramData\Lightzap\Lightzap.exe [4204](2015-12-27 19:12:17)    0000000000c80000
Library    C:\Users\lenovo\AppData\Local\SweetLabs App Platform\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\lenovo\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [4712] (Chromium/The Chromium Authors)(2015-10-30 21:09:06)    000000006b6b0000

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0    unknown MBR code

---- EOF - GMER 2.1 ----