GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-30 17:34:23
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6 Samsung_SSD_840_EVO_250GB rev.EXT0BB0Q 232,88GB
Running: 7hx73lmj.exe; Driver: C:\Users\Figo2\AppData\Local\Temp\aflcyaod.sys

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [536:584] fffff961c9717300
Thread C:\WINDOWS\system32\svchost.exe [832:860] 000000d5c98d0100
Thread C:\WINDOWS\system32\svchost.exe [832:864] 000000d5c98d0100
Thread C:\WINDOWS\system32\svchost.exe [328:1732] 0000001685090100
Thread C:\WINDOWS\system32\svchost.exe [328:1736] 0000001685090100
Thread C:\WINDOWS\system32\svchost.exe [332:1972] 00000078ae810100
Thread C:\WINDOWS\system32\svchost.exe [332:1976] 00000078ae810100
Thread C:\WINDOWS\system32\dashost.exe [1716:4296] 0000002e79420100
Thread C:\WINDOWS\system32\dashost.exe [1716:4300] 0000002e79420100
Thread C:\WINDOWS\system32\dashost.exe [1716:4308] 0000002e7943ebb0
Thread C:\WINDOWS\system32\dashost.exe [1716:4332] 0000002e7943ebb0
Thread C:\WINDOWS\System32\svchost.exe [1360:2980] 000000908eba0100
Thread C:\WINDOWS\System32\svchost.exe [1360:2984] 000000908eba0100
Thread C:\WINDOWS\System32\svchost.exe [2204:2240] 000000db55790100
Thread C:\WINDOWS\System32\svchost.exe [2204:2244] 000000db55790100
Thread C:\WINDOWS\System32\spoolsv.exe [2344:2380] 00000000017b0100
Thread C:\WINDOWS\System32\spoolsv.exe [2344:2384] 00000000017b0100
Thread C:\WINDOWS\System32\svchost.exe [2564:7096] 000000d4f5e10100
Thread C:\WINDOWS\System32\svchost.exe [2564:5556] 000000d4f5e10100
Thread C:\WINDOWS\system32\mqsvc.exe [2644:2976] 00000053f9000100
Thread C:\WINDOWS\system32\mqsvc.exe [2644:2780] 00000053f9000100
Thread C:\WINDOWS\system32\mqsvc.exe [2644:2892] 00000053f901ebb0
Thread C:\WINDOWS\system32\mqsvc.exe [2644:3168] 00000053f901ebb0
Thread C:\WINDOWS\Explorer.EXE [4580:5440] 000000000b040100
Thread C:\WINDOWS\Explorer.EXE [4580:5444] 000000000b040100
Thread C:\WINDOWS\Explorer.EXE [4580:5452] 000000000b05ebb0
Thread C:\WINDOWS\Explorer.EXE [4580:5484] 000000000b05ebb0
Thread C:\WINDOWS\Explorer.EXE [4580:5544] 000000000b0312b0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1740:340] 000000d54a9c0100
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1740:4436] 000000d54a9c0100
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1740:7116] 000000d54a9debb0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1740:6584] 000000d54a9debb0

---- Processes - GMER 2.1 ----

Process C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (*** suspicious ***) @ C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2584] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2015-04-03 13:30:52) 0000000100000000
Process C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (*** suspicious ***) @ C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [2632] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2015-04-03 13:30:52) 0000000100000000

---- EOF - GMER 2.1 ----