GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-05 12:36:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4 ST500DM002-1BD142 rev.KC45 465,76GB
Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\aftcaaob.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2332] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69    0000000076421465 2 bytes [42, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2332] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000764214bb 2 bytes [42, 76]
.text    ...    * 2
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076421465 2 bytes [42, 76]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000764214bb 2 bytes [42, 76]
.text    ...    * 2
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076421465 2 bytes [42, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000764214bb 2 bytes [42, 76]
.text    ...    * 2
.text    C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69    0000000076421465 2 bytes [42, 76]
.text    C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155   00000000764214bb 2 bytes [42, 76]
.text    ...    * 2

---- Processes - GMER 2.1 ----

Process  C:\Users\User\AppData\Local\Temp\hglomif.exe (*** suspicious ***) @ C:\Users\User\AppData\Local\Temp\hglomif.exe [2220](2015-02-04 17:05:10)   0000000000400000
Library  C:\ProgramData\PLAY ONLINE\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2652]   000000006fbc0000
Library  C:\ProgramData\PLAY ONLINE\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2652](2014-08-25 11:26:11)   000000006e940000
Library  C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2652](2   000000006a1c0000
Library  C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2652](2014-08-25 11:26:11)   000000006ff00000
Library  C:\ProgramData\PLAY ONLINE\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2652](2014-08-25 11:26:11)   000000006efc0000
Library  C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2652](201   000000006ed40000

---- EOF - GMER 2.1 ----
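The scan above lists the same two-byte patch of psapi.dll!GetModuleInformation (+69 and +155, bytes [42, 76], same addresses) in every 32-bit process it inspected, plus a set of modules flagged "(*** suspicious ***)" by GMER's own heuristic. The first question a practitioner asks of such a log is whether the patches are one shared hook or differ per process, and which host process loaded each flagged module. The following parser is an added example by the editor, not code from GMER, gmer.net or the poster of this scan. It reads the "User code sections" and "Processes" line formats as they appear above; the regexes, the function names (parse_gmer, hook_findings, suspicious_by_host, analyze), the "consistent"/"divergent" labels and the sample line for a hypothetical example.exe[9999] with bytes [E9, 00] are this example's own assumptions.

```python
"""Parse the 'User code sections' and 'Processes' blocks of a GMER 2.1 log and
correlate inline patches across processes.  Editor-added example, not GMER's own
code: the line layout follows the scan above; the regexes, the labels
'consistent'/'divergent' and the example.exe[9999] sample line are assumptions."""
import re
from collections import defaultdict

# One patched code location: host process, hooked export, address, patch bytes.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\.exe)\[(?P<pid>\d+)\]\s+"
    r"(?P<dll>[^\s!]+)!(?P<func>\w+)\s*\+\s*(?P<off>\d+)\s+"
    r"(?P<addr>[0-9a-f]{16})\s+(?P<n>\d+)\s+bytes\s+\[(?P<bytes>[^\]]*)\]", re.I)
# GMER abbreviates further entries as '.text ... * N'; counted here, not expanded.
ELIDED_RE = re.compile(r"^\.text\s+\.\.\.\s+\*\s*(?P<n>\d+)")
# A module flagged '(*** suspicious ***)', with its host process and load base.
MOD_RE = re.compile(
    r"^(?P<kind>Process|Library)\s+(?P<path>.+?)\s+\(\*\*\* suspicious \*\*\*\)\s+@\s+"
    r"(?P<host>.+?\.exe)\s+\[(?P<pid>\d+)\](?:\((?P<ts>[^)]*)\))?\s+(?P<base>[0-9a-f]{16})", re.I)


def parse_gmer(text):
    """Split a log into hook records, flagged-module records and leftovers."""
    hooks, mods, unparsed, elided = [], [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank line or section header
        m = ELIDED_RE.match(line)
        if m:
            elided += int(m.group("n"))
            continue
        m = HOOK_RE.match(line)
        if m:
            h = m.groupdict()
            h["pid"], h["off"] = int(h["pid"]), int(h["off"])
            hooks.append(h)
            continue
        m = MOD_RE.match(line)
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"])
            mods.append(d)
            continue
        unparsed.append(line)  # truncated/unknown lines are kept for review, not guessed
    return {"hooks": hooks, "suspicious": mods, "elided": elided, "unparsed": unparsed}


def hook_findings(hooks):
    """One finding per patched location.  The DLL path is case-folded because GMER
    prints psapi.dll / PSAPI.DLL / Psapi.dll for one file.  'consistent' = every
    process carries the same bytes at the same address (one shared hook; identify
    its owner before calling it malicious).  'divergent' = same address, different
    bytes in different processes, which deserves a closer look."""
    groups = defaultdict(lambda: {"bytes": set(), "procs": set()})
    for h in hooks:
        key = (h["dll"].lower(), h["func"], h["off"], h["addr"].lower())
        groups[key]["bytes"].add(h["bytes"].strip())
        groups[key]["procs"].add((h["proc"], h["pid"]))
    findings = []
    for (dll, func, off, addr), g in sorted(groups.items()):
        name = dll.rsplit("\\", 1)[-1]
        findings.append({"target": f"{name}!{func}+{off}", "addr": addr,
                         "processes": len(g["procs"]), "patterns": sorted(g["bytes"]),
                         "status": "consistent" if len(g["bytes"]) == 1 else "divergent"})
    return findings


def suspicious_by_host(mods):
    """Group flagged modules by loading process, so each host is checked as a unit."""
    by_host = defaultdict(list)
    for m in mods:
        by_host[(m["host"], m["pid"])].append(m["path"])
    return dict(by_host)


def analyze(text):
    r = parse_gmer(text)
    return {"findings": hook_findings(r["hooks"]), "suspicious": suspicious_by_host(r["suspicious"]),
            "elided": r["elided"], "unparsed": r["unparsed"]}


# Sample input: lines from the scan above plus one CONSTRUCTED line
# (example.exe[9999], bytes [E9, 00]) to show how a divergent patch is reported.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076421465 2 bytes [42, 76]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764214bb 2 bytes [42, 76]
.text  ... * 2
.text  C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076421465 2 bytes [42, 76]
.text  C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000764214bb 2 bytes [42, 76]
.text  C:\Users\User\AppData\Local\Temp\example.exe[9999] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076421465 2 bytes [E9, 00]
---- Processes - GMER 2.1 ----
Process  C:\Users\User\AppData\Local\Temp\hglomif.exe (*** suspicious ***) @ C:\Users\User\AppData\Local\Temp\hglomif.exe [2220](2015-02-04 17:05:10) 0000000000400000
Library  C:\ProgramData\PLAY ONLINE\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2652] 000000006fbc0000
Library  C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2652](2014-08-25 11:26:11) 000000006ff00000
---- EOF - GMER 2.1 ----
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG)["findings"]:
        print(f"{f['status']:10} {f['target']} @ {f['addr']} in {f['processes']} process(es): {f['patterns']}")
```

Run against the full scan, the +69 and +155 patches come out "consistent" across mdm.exe, Skype.exe, AdobeARM.exe and vprot.exe: identical bytes at identical addresses in every WoW64 process is the signature of one shared hook in the 32-bit psapi.dll image, and security products and compatibility layers commonly patch system DLLs this way, so the owner of the hook has to be established (which product is installed, what the patched bytes branch to) before these entries count as rootkit evidence; the log alone does not say who installed it. Lines GMER truncated, such as the QtCore4.dll and QtXml4.dll entries above, deliberately land in "unparsed" rather than being guessed, and the "(*** suspicious ***)" flag is GMER's heuristic, so the grouping only tells you which host process (here ouc.exe [2652] and the Temp-resident hglomif.exe) to check by signature, hash and install path.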