GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-16 19:54:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SSD_PM800_TM_64GB rev.VBM24D1Q 59.63GB
Running: m4n6zvkc.exe; Driver: C:\Users\DELLPA~1\AppData\Local\Temp\kwddraow.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075391401 2 bytes JMP 7524b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075391419 2 bytes JMP 7524b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075391431 2 bytes JMP 752c8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007539144a 2 bytes CALL 7522489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                   * 9
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000753914dd 2 bytes JMP 752c8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000753914f5 2 bytes JMP 752c89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007539150d 2 bytes JMP 752c8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075391525 2 bytes JMP 752c8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007539153d 2 bytes JMP 7523fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000075391555 2 bytes JMP 752468ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007539156d 2 bytes JMP 752c8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075391585 2 bytes JMP 752c8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007539159d 2 bytes JMP 752c86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000753915b5 2 bytes JMP 7523fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000753915cd 2 bytes JMP 7524b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000753916b2 2 bytes JMP 752c8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\ProtectService.exe[1596]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000753916bd 2 bytes JMP 752c8671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075391401 2 bytes JMP 7524b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075391419 2 bytes JMP 7524b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075391431 2 bytes JMP 752c8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007539144a 2 bytes CALL 7522489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                   * 9
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000753914dd 2 bytes JMP 752c8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000753914f5 2 bytes JMP 752c89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007539150d 2 bytes JMP 752c8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075391525 2 bytes JMP 752c8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007539153d 2 bytes JMP 7523fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000075391555 2 bytes JMP 752468ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007539156d 2 bytes JMP 752c8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075391585 2 bytes JMP 752c8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007539159d 2 bytes JMP 752c86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000753915b5 2 bytes JMP 7523fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000753915cd 2 bytes JMP 7524b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000753916b2 2 bytes JMP 752c8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MiuiTab\HPNotify.exe[2068]        C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000753916bd 2 bytes JMP 752c8671 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [892:2792]                           000007fef8010ea8
Thread  C:\Windows\system32\svchost.exe [892:2828]                           000007fef8009db0
Thread  C:\Windows\system32\svchost.exe [892:2708]                           000007fef800aa10
Thread  C:\Windows\system32\svchost.exe [892:2804]                           000007fef8011c94
Thread  C:\Windows\system32\svchost.exe [892:3244]                           000007feeb5e5c24
Thread  C:\Windows\system32\svchost.exe [892:3356]                           000007feeb5eeff0
Thread  C:\Windows\system32\svchost.exe [892:3612]                           000007fef98e4f84
Thread  C:\Windows\system32\svchost.exe [892:3240]                           000007fef608d3c8
Thread  C:\Windows\system32\svchost.exe [892:2168]                           000007fef608d3c8
Thread  C:\Windows\system32\svchost.exe [892:2092]                           000007fef608d3c8
Thread  C:\Windows\system32\svchost.exe [892:3252]                           000007fef608d3c8
Thread  C:\Windows\system32\svchost.exe [892:336]                            000007fef602c2d4
Thread  C:\Windows\system32\svchost.exe [892:2552]                           000007fef602c2d4
Thread  C:\Windows\system32\svchost.exe [892:2164]                           000007fef602c2d4
Thread  C:\Windows\system32\svchost.exe [892:3060]                           000007fef602c2d4
Thread  C:\Windows\system32\svchost.exe [892:2460]                           000007fef79f5124
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3092:4156]       000007fefb072bf8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3092:4176]       000007fef1da5648

---- Files - GMER 2.1 ----

File  C:\Users\dellParsley\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00134a  0 bytes
File  C:\Users\dellParsley\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00134b  0 bytes

---- EOF - GMER 2.1 ----