GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-13 16:12:23 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDT721032SLA360 rev.ST2OA31B 298,09GB Running: gmer.exe; Driver: C:\Users\Zero\AppData\Local\Temp\aftciaod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1956] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000763f8791 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076191465 2 bytes [19, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000761914bb 2 bytes [19, 76] .text ... * 2 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076191465 2 bytes [19, 76] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761914bb 2 bytes [19, 76] .text ... * 2 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076191465 2 bytes [19, 76] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761914bb 2 bytes [19, 76] .text ... * 2 .text C:\Windows\Explorer.EXE[3892] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000776e0650 5 bytes JMP 0000000104560018 .text C:\Users\Zero\AppData\Local\Akamai\netsession_win.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076191465 2 bytes [19, 76] .text C:\Users\Zero\AppData\Local\Akamai\netsession_win.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761914bb 2 bytes [19, 76] .text ... * 2 .text C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076191465 2 bytes [19, 76] .text C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761914bb 2 bytes [19, 76] .text ... * 2 .text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076191465 2 bytes [19, 76] .text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761914bb 2 bytes [19, 76] .text ... * 2 .text C:\Users\Zero\AppData\Local\Akamai\netsession_win.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076191465 2 bytes [19, 76] .text C:\Users\Zero\AppData\Local\Akamai\netsession_win.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761914bb 2 bytes [19, 76] .text ... * 2 .text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076191465 2 bytes [19, 76] .text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761914bb 2 bytes [19, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076191465 2 bytes [19, 76] .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761914bb 2 bytes [19, 76] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077831530 16 bytes [50, 48, B8, 34, 35, 28, EE, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077831380 16 bytes [50, 48, B8, 08, 0C, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000778314f0 16 bytes [50, 48, B8, 60, 0B, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077831510 48 bytes [50, 48, B8, DC, 0A, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077831550 16 bytes [50, 48, B8, 2C, 0C, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000778315a0 32 bytes [50, 48, B8, 84, 0B, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778315e0 16 bytes [50, 48, B8, 6C, 0A, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077831680 16 bytes [50, 48, B8, B4, 0B, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077831800 16 bytes [50, 48, B8, 30, 09, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077832270 16 bytes [50, 48, B8, 00, 0B, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778322c0 16 bytes [50, 48, B8, 3C, 0B, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077832410 16 bytes [50, 48, B8, C8, 0B, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077831380 16 bytes [50, 48, B8, 08, 0C, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000778314f0 16 bytes [50, 48, B8, 60, 0B, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077831510 48 bytes [50, 48, B8, DC, 0A, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077831550 16 bytes [50, 48, B8, 2C, 0C, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000778315a0 32 bytes [50, 48, B8, 84, 0B, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778315e0 16 bytes [50, 48, B8, 6C, 0A, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077831680 16 bytes [50, 48, B8, B4, 0B, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077831800 16 bytes [50, 48, B8, 30, 09, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077832270 16 bytes [50, 48, B8, 00, 0B, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778322c0 16 bytes [50, 48, B8, 3C, 0B, 2A, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077832410 16 bytes [50, 48, B8, C8, 0B, 2A, 3F, ...] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076191465 2 bytes [19, 76] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761914bb 2 bytes [19, 76] .text ... * 2 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4604] @ C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW] [b76c0030] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,7ccdc17??????????? ---- EOF - GMER 2.1 ----