GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-04-30 20:52:45 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 298,09GB Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxroraoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763d1401 2 bytes JMP 75feb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763d1419 2 bytes JMP 75feb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763d1431 2 bytes JMP 76069149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763d144a 2 bytes CALL 75fc4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763d14dd 2 bytes JMP 76068a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763d14f5 2 bytes JMP 76068c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763d150d 2 bytes JMP 76068938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763d1525 2 bytes JMP 76068d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763d153d 2 bytes JMP 75fdfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763d1555 2 bytes JMP 75fe6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763d156d 2 bytes JMP 76069201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763d1585 2 bytes JMP 76068d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763d159d 2 bytes JMP 760688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763d15b5 2 bytes JMP 75fdfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763d15cd 2 bytes JMP 75feb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763d16b2 2 bytes JMP 760690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763d16bd 2 bytes JMP 76068891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763d1401 2 bytes JMP 75feb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763d1419 2 bytes JMP 75feb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763d1431 2 bytes JMP 76069149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763d144a 2 bytes CALL 75fc4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763d14dd 2 bytes JMP 76068a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763d14f5 2 bytes JMP 76068c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763d150d 2 bytes JMP 76068938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763d1525 2 bytes JMP 76068d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763d153d 2 bytes JMP 75fdfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763d1555 2 bytes JMP 75fe6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763d156d 2 bytes JMP 76069201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763d1585 2 bytes JMP 76068d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763d159d 2 bytes JMP 760688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763d15b5 2 bytes JMP 75fdfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763d15cd 2 bytes JMP 75feb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763d16b2 2 bytes JMP 760690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763d16bd 2 bytes JMP 76068891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 00000000763d1401 2 bytes JMP 75feb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 00000000763d1419 2 bytes JMP 75feb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 00000000763d1431 2 bytes JMP 76069149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 00000000763d144a 2 bytes CALL 75fc4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 00000000763d14dd 2 bytes JMP 76068a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 00000000763d14f5 2 bytes JMP 76068c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 00000000763d150d 2 bytes JMP 76068938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 00000000763d1525 2 bytes JMP 76068d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 00000000763d153d 2 bytes JMP 75fdfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 00000000763d1555 2 bytes JMP 75fe6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 00000000763d156d 2 bytes JMP 76069201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 00000000763d1585 2 bytes JMP 76068d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 00000000763d159d 2 bytes JMP 760688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 00000000763d15b5 2 bytes JMP 75fdfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 00000000763d15cd 2 bytes JMP 75feb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 00000000763d16b2 2 bytes JMP 760690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[980] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 00000000763d16bd 2 bytes JMP 76068891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763d1401 2 bytes JMP 75feb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763d1419 2 bytes JMP 75feb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763d1431 2 bytes JMP 76069149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763d144a 2 bytes CALL 75fc4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763d14dd 2 bytes JMP 76068a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763d14f5 2 bytes JMP 76068c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763d150d 2 bytes JMP 76068938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763d1525 2 bytes JMP 76068d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763d153d 2 bytes JMP 75fdfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763d1555 2 bytes JMP 75fe6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763d156d 2 bytes JMP 76069201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763d1585 2 bytes JMP 76068d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763d159d 2 bytes JMP 760688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763d15b5 2 bytes JMP 75fdfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763d15cd 2 bytes JMP 75feb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763d16b2 2 bytes JMP 760690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763d16bd 2 bytes JMP 76068891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763d1401 2 bytes JMP 75feb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763d1419 2 bytes JMP 75feb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763d1431 2 bytes JMP 76069149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763d144a 2 bytes CALL 75fc4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763d14dd 2 bytes JMP 76068a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763d14f5 2 bytes JMP 76068c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763d150d 2 bytes JMP 76068938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763d1525 2 bytes JMP 76068d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763d153d 2 bytes JMP 75fdfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763d1555 2 bytes JMP 75fe6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763d156d 2 bytes JMP 76069201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763d1585 2 bytes JMP 76068d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763d159d 2 bytes JMP 760688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763d15b5 2 bytes JMP 75fdfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763d15cd 2 bytes JMP 75feb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763d16b2 2 bytes JMP 760690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763d16bd 2 bytes JMP 76068891 C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.2 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3932:3392] 000007fefb752ae8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3932:4020] 000007feed958a28 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3932:3400] 000007feed958a28 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3932:3044] 000007fefa135124 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3932:3908] 000007feed8bd668 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3932:1348] 000007feed958a28 ---- EOF - GMER 2.2 ----